Talk:Elliptic curve Diffie–Hellman
|WikiProject Cryptography / Computer science||(Rated Start-class, Mid-importance)|
ECDH and Protocol Security
The article states, "The protocol is secure because nothing is disclosed..." Unfortunately, nothing is authenticated, so its only secure against eavesdroppers (passive attackers). It will fail against active attackers (ie, Man in the Middle (MitM)). — Preceding unsigned comment added by Noloader (talk • contribs) 22:00, 16 January 2012 (UTC)
Needs section on vulnerabilities
Isn't this an encryption used by Tor? If so, it seems like this merits a much more detailed article.
Also, is it vulnerable to the attacks described on the elliptic curve article, or to other ones?
What is being done with Tor to mitigate the risks of having "magic constants" and recommended pseudo-random number generators supplied by US government agencies?