[Cryptography] DH non-prime kills "socat" command security

Phillip Hallam-Baker phill at hallambaker.com
Sat Feb 6 12:04:52 EST 2016


On Fri, Feb 5, 2016 at 7:14 PM, Ray Dillinger <bear at sonic.net> wrote:
>
>
> Well crap. The Fermat test got this on the first iteration.
>
> Before we worry about provable primes, we can implement much simpler
> probabilistic primality tests that clients can use to at least try to
> disprove primality.  This particular number yields instantly to every
> probabilistic primality test that's been tried on it as far as I can
> tell.
>
> And honestly there's been no case ever of a nonprime discovered that
> fools both the Fermat test and Maurer's algorithm for 100 iterations,
> and at least in the civilian world as far as I know nobody has any
> idea how to find one.

Is there any particular reason to think anyone thought it was a prime
as opposed to just a large random number?

DH works fine in a non-prime field. It is just less secure.

Before worrying about whether this is an example of a Fermat test
prime that turned out to not be, ask if this is simply a test vector
that was meant to have been replaced that wasn't. Or alternatively
someone didn't understand that the tests have to be done multiple
times or they mucked up the code.

For open standards the point is now moot as we will be doing ECDH on
fast prime curves.
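As an added illustration of the cheap client-side checks Ray describes (not code from the thread or from socat): a Fermat test, a Miller-Rabin test, and a small parameter check built on them. The moduli used in the comments and tests (561, a Carmichael number, and the safe prime 23) are constructed samples, not socat's actual parameter.

```python
import random

def fermat_test(n, bases=None, rounds=20, rng=random):
    """Fermat probable-prime test. Returns False only if some base proves
    n composite (a^(n-1) != 1 mod n); True means n survived every base.
    Carmichael numbers such as 561 pass for every base coprime to n,
    which is why Fermat alone is a weak disproof tool."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    if bases is None:
        bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    return all(pow(a, n - 1, n) == 1 for a in bases)

def miller_rabin(n, bases=None, rounds=40, rng=random):
    """Miller-Rabin probable-prime test. Writes n-1 = 2^s * d and checks
    the strong-probable-prime condition for each base. A composite survives
    one random base with probability at most 1/4, so the test must be
    repeated; 40 rounds makes a surviving composite vanishingly unlikely."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    if bases is None:
        bases = [rng.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no nontrivial path to -1: a is a witness
    return True

def check_dh_group(p, g, rng=random):
    """Checks a client can run on received DH parameters before using them.
    Assumes the group is meant to use a safe prime (p = 2q + 1, q prime).
    Returns a list of problems; an empty list means the pair passed."""
    problems = []
    if not miller_rabin(p, rng=rng):
        problems.append("modulus is composite")
    if not miller_rabin((p - 1) // 2, rng=rng):
        problems.append("(p-1)/2 is composite, so p is not a safe prime")
    if not 1 < g < p - 1:
        problems.append("generator out of range")
    return problems
```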