commit 3e69e92f046e2ed9dcdc18a2e91de7a605f3f63a
parent ad29fe190d65b857fcd4411d6f2b5ed583ea7081
Author: Jared Tobin <jared@jtobin.io>
Date: Tue, 15 Aug 2023 18:35:54 -0230
Fix typo.
Diffstat:
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/s5.md b/docs/s5.md
@@ -169,8 +169,8 @@ b mod p = 1, as will the shared key from Alice's perspective (since 1 ^
a mod p = 1). Mallory thus needs to forward a 1 as Alice's public key in
order for Bob to agree on the shared key.
-For g = p, Bob computes B = p ^ b mod p = 0, so Mallory needs to forward
-a 0 as Alice's public key in order for them to agree on the shared key.
+For g = p, Bob computes B = p ^ b mod p = 0, so Mallory can forward a
+p as Alice's public key in order for them to agree on the shared key.
Finally, the case of g = p - 1. Note that for any p > 1 and any even b, we
have (for appropriate coefficients a, c, etc.):
@@ -208,7 +208,9 @@ probability 1/2 + 1/2 - 1/4 = 3/4.
(Mallory could ensure the attack works every time by forwarding 1's for
*both* public keys, but that seems against the spirit of the question.)
-Here are the interleaved logs of a successful attack:
+Here are the interleaved logs of a successful attack. Start mallory with
+e.g. the `dhngmitm 1` or `dhngmitm p` protocol to perform this attack
+with g = 1 or g = p, or use `dhngmitm'` for the g = p - 1 case:
(cryptopals) bob: listening..
(cryptopals) mallory: LiSteNIng..
@@ -244,5 +246,3 @@ Here are the interleaved logs of a successful attack:
(cryptopals) alice: decrypted ciphertext: "confirmed, attacking at 10pm"
(cryptopals) mallory: ending session
-
-
