Although the article is essentialy correct, not that it brings up anything new that hasn't been known for years. The fact remains that
Diffie-Hellman is not used for key verification but key exchange and generation. Diffie-Hellman generates a symetric key for use with other algorithms, as was its design. Only later was it modified for use in PGP and other such applications as ElGamal.
This is indicitive of the problem with much of the discussion of security these days. Every two bit hack thinks he can simplify the whole thing down to, something like public/private keys are insecure. Without actually understanding the nature of the problem.
Slashdot Mirror
Although the article is essentialy correct, not that it brings up anything new that hasn't been known for years. The fact remains that Diffie-Hellman is not used for key verification but key exchange and generation. Diffie-Hellman generates a symetric key for use with other algorithms, as was its design. Only later was it modified for use in PGP and other such applications as ElGamal. This is indicitive of the problem with much of the discussion of security these days. Every two bit hack thinks he can simplify the whole thing down to, something like public/private keys are insecure. Without actually understanding the nature of the problem.