Re: Java applet security, exportability, Jon Postel haiku

Anonymous (nobody@replay.com)
Tue, 27 Oct 1998 02:41:31 +0100

• Next message: EKR: "Re: Java applet security, exportability, Jon Postel haiku"
• Previous message: Enzo Michelangeli: "Re: Java applet security, exportability, Jon Postel haiku"
• Maybe in reply to: David R. Conrad: "Java applet security, exportability, Jon Postel haiku"
• Next in thread: EKR: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: EKR: "Re: Java applet security, exportability, Jon Postel haiku"

> 1a) Am I correct that this is proof against the man in the middle?

Not as long as your MITM can force a sabotaged applet on your client
(contains altered g^x, uses bad RNG code, sends a copy in the clear for
attacker's convenience, etc).

...
> 2) Is 160 bits sufficient for y?

No -- although I don't know much about the difficulty of the DLP with
various parameters, I do know the KEA spec uses 160 bits to (allegedly)
force 2^80 operations upon attackers, not enough to keep your kid sister
out.

> 3) Is K = SHA1(k) a suitable way to generate the session key?

If SHA-1 is a good hash, probably so.

> 4) What symmetric cypher would you recommend I use?

Arc4 has legal isues, among other things, and IDEA is patented, leaving
3DES as the only one remaining of your choices. (Or, if you're looking for
a moderately old cipher, there's always... :)

• Next message: EKR: "Re: Java applet security, exportability, Jon Postel haiku"
• Previous message: Enzo Michelangeli: "Re: Java applet security, exportability, Jon Postel haiku"
• Maybe in reply to: David R. Conrad: "Java applet security, exportability, Jon Postel haiku"
• Next in thread: EKR: "Re: Java applet security, exportability, Jon Postel haiku"
• Reply: EKR: "Re: Java applet security, exportability, Jon Postel haiku"