Re: The Poly1305-AES message-authentication code
From: D. J. Bernstein (djb_at_cr.yp.to)
Date: Sat, 6 Nov 2004 23:19:11 +0000 (UTC)

David Wagner wrote:
> But fortunately, we are not forced to use Diffie-Hellman key exchange
> with a static shared secret.

Diffie-Hellman is, as far as we know, unbreakable, and it is much more
efficient than any of the alternatives, primarily because we _can_ save
and reuse the shared secret.

Your religion says that we have to use other protocols---protocols that
are much too slow to be used for more than a fraction of all Internet
traffic. You call this ``fortunate''; I call it incredibly bad design.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago