[Cryptography-dev] The ECDH vulnerability
Alex Gaynor
alex.gaynor at gmail.com
Mon Jul 23 17:04:12 EDT 2018
When you load an object into an EllipticCurvePublicKey instance, we verify
that the point is on the curve. EllipticCurvePrivateKey.exchange(ECDH(),
public_key) will also refuse to perform an excahgen where the public and
private keys aren't on the same curve.
Alex
On Mon, Jul 23, 2018 at 4:53 PM Roland Hedberg <roland at catalogix.se> wrote:
> In
> https://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html
> Antonio Sanso discusses a vulnerability when doing Key Agreement with
> Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES).
>
> Can cryptography help me with this ?
>
> Basically, can I use cryptography to check whether public key is on the
> private key's curve.
>
> — Roland
>
> The higher up you go, the more mistakes you are allowed. Right at the top,
> if you make enough of them, it's considered to be your style.
> -Fred Astaire, dancer, actor, singer, musician, and choreographer (10 May
> 1899-1987)
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
--
All that is necessary for evil to succeed is for good people to do nothing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20180723/b4ebb7c0/attachment.html>
More information about the Cryptography-dev
mailing list