[Cryptography] DH non-prime kills "socat" command security
John-Mark Gurney
jmg at funkthat.com
Tue Feb 9 13:15:39 EST 2016
Ray Dillinger wrote this message on Tue, Feb 09, 2016 at 09:06 -0800:
> On 02/08/2016 07:03 PM, Benjamin Kreuter wrote:
> > On Thu, 2016-02-04 at 18:30 -0800, Henry Baker wrote:
> >> There is an outstanding problem: if we all use the same primes, large
> >> nation-states can build log (rainbow-like) tables for these primes;
> >> if we use different primes, we then have to prove to our
> >> correspondent that the "prime" we propose is really
> >> prime. Generating such primes and generating such easily-checkable
> >> proofs appears to take too much time for normal HTTPS ecommerce.
>
> > Also note that allowing people to generate their own parameters adds
> > complexity to protocols that are already notoriously difficult to get
> > right, and to their implementations which are also notoriously
> > difficult to get right. IMO it is better to choose common parameters
> > large enough to resist nation-state attacks, and for everyone to use
> > those parameters.
>
> I think I disagree. It's easier to get code that deals with
> general parameters right - once - than to rely on individual
> implementations that depend on specific hardcoded numbers
> for each of a dozen different groups being used in different
> applications.
>
> And I think I'd be as happy with code that does a hundred
> iterations of three or four *different* probabilistic primality
> tests as I'd be with a proof of primality. Proofs of primality
> are likely only to apply to a very small set of numbers having
> very specific properties some of which we don't necessarily
> fully understand.
I'll point out that RFC2631 provides an algorithm to generate DH params
from seeds, and when provided the seeds, you can verify that they were
generated sanely...
I have python code that implements RFC2631 for generating DH
params... It's in vke.py, part of my pyfp program:
https://www.funkthat.com/~jmg/pyfp/pyfp-0.5.tar.gz
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
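The seeded generation John-Mark refers to, as an added example that is not part of the original thread and not the vke.py from pyfp: a Python sketch of the RFC 2631 section 2.2.1 procedure (which follows FIPS 186) for deriving q and p from SEED and a counter, plus the section 2.2.2 style check a correspondent runs to confirm the primes really came from that seed. The function names are mine; the fixed-width big-endian encoding of SEED + i before hashing, the ceiling rounding of m', L' and N', the 4096·N' counter limit, the trial-division bound and the Miller-Rabin round count are my assumptions from reading the RFC, so check them against the RFC text before relying on them.

```python
"""Seeded, verifiable DH parameter generation modelled on RFC 2631 2.2.1.
Added example; assumptions are marked in comments."""
import hashlib
import secrets

HASH_BITS = 160  # SHA-1 output length, the hash RFC 2631 specifies


def _small_primes(limit=1000):
    sieve = bytearray([1]) * limit
    sieve[0] = sieve[1] = 0
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i in range(limit) if sieve[i]]


SMALL_PRIMES = _small_primes()  # assumption: trial-division bound of 1000


def is_probable_prime(n, rounds=40):
    """Trial division then Miller-Rabin; 40 random bases give error < 2^-80."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # uniform base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _ceil_div(a, b):
    return -(-a // b)


def _sha1_int(x, width):
    # Assumption: SEED + i is hashed as a fixed-width big-endian integer.
    return int.from_bytes(hashlib.sha1(x.to_bytes(width, "big")).digest(), "big")


def derive_pq(seed, L, m):
    """Deterministically derive (q, p, counter) from SEED as in RFC 2631 2.2.1.1.
    Returns None if q is composite or the counter limit is hit: the generator
    then picks a fresh seed, and a verifier treats None as a failed check."""
    m_, L_, N_ = _ceil_div(m, HASH_BITS), _ceil_div(L, HASH_BITS), _ceil_div(L, 1024)
    width = _ceil_div(m, 8) + 4  # room for the seed plus the largest offset
    U = 0
    for i in range(m_):
        U += (_sha1_int(seed + i, width) ^ _sha1_int(seed + m_ + i, width)) << (HASH_BITS * i)
    q = (U % (1 << m)) | (1 << (m - 1)) | 1  # force exactly m bits and oddness
    if not is_probable_prime(q):
        return None
    for counter in range(4096 * N_):
        R = seed + 2 * m_ + L_ * counter
        V = 0
        for i in range(L_):
            V += _sha1_int(R + i, width) << (HASH_BITS * i)
        X = (V % (1 << L)) | (1 << (L - 1))
        p = X - (X % (2 * q)) + 1  # p == 1 (mod 2q), so q divides p-1
        if p > (1 << (L - 1)) and is_probable_prime(p):
            return q, p, counter
    return None


def generate_dh_params(L=1024, m=160):
    """Return (p, q, g, seed, counter); seed and counter let others re-derive p, q."""
    while True:
        seed = secrets.randbits(m)
        result = derive_pq(seed, L, m)
        if result is not None:
            q, p, counter = result
            break
    j = (p - 1) // q
    for h in range(2, p - 1):  # RFC 2631 2.2.1.2: g = h^j mod p with g != 1
        g = pow(h, j, p)
        if g != 1:
            return p, q, g, seed, counter


def verify_dh_params(p, q, g, seed, counter, L, m):
    """The receiving side's check (RFC 2631 2.2.2): sizes, q | p-1, order of g,
    and that SEED really yields these primes at this counter."""
    if p.bit_length() != L or q.bit_length() != m or (p - 1) % q != 0:
        return False
    if not (1 < g < p - 1 and pow(g, q, p) == 1):
        return False
    return derive_pq(seed, L, m) == (q, p, counter)


if __name__ == "__main__":
    p, q, g, seed, counter = generate_dh_params()
    print("counter", counter, "verified", verify_dh_params(p, q, g, seed, counter, 1024, 160))
```

The point of shipping (seed, counter) alongside (p, q, g) is that the verifier does not have to trust the sender's primality claim: it re-runs the same deterministic derivation and only accepts parameters that fall out of it, which rules out a hand-crafted p with a hidden structure that a bare primality test would still pass.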