Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

non-prime and small subgroup DH #40

Closed
lilyanatia opened this issue May 18, 2015 · 5 comments
Closed

non-prime and small subgroup DH #40

lilyanatia opened this issue May 18, 2015 · 5 comments
Labels
subdomain

Comments

@lilyanatia
Copy link
Contributor

most (all?) clients will accept very bad DH parameters, such as (31-bit subgroup):

-----BEGIN DH PARAMETERS-----
MIICCgKCAQEA////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
///////////////////////////wAAAAHQKCAQEAu6kFl4Jni6wu89MOPQwhFQdz
k4SsloDJnHPB7SBXRjZHIkqVjTCGqO/PA4LqerBfXtgnh33YVaefTtYLQGC0bLqi
19PeEv3n8PaTB+RqMisy54p6mhBQZ2VxkiPKphpljueg1VPTN6GN7f/P2TCFXCE3
VRS3roLvvQ4CikZMyO8xVK58mU5YHv7u8A4b/rilq4m+Hr5upS5zvlKIU1iqi47d
0oyrrY9X9AVT2KtmHUdIhwMKPMWpgGGG/si/jrzPI2jAcuVDGRYx8D1btqhzFWQZ
CvJdDaVVA6JSw0XCp3zq71uzuU4vrLBRskZ/vFVw1FHmUSyR4JcDsu+YLzoT+A==
-----END DH PARAMETERS-----

or (not prime):

-----BEGIN DH PARAMETERS-----
MIIBBwKCAQBed4vGnUmyHOfbuX0tMqo0gVsdd30AOBYfqQppFv3UycvnmSdu1Q95
C/gGHCoK2L+DqRHf4OxuiPz/JpqAJtoBVAbqqf1XOALWliZIo3hJGZxrTUuZPawa
iEmzENZRFFG3IJyQ5/9g9+O2McQfYH6NaAuV8+SA7erVyx0sDjitmgW6fAxeFTVQ
oEeZiYKoyCfLhPFdT5fl4ug7MtXnNEpPjSBovMD5Xs/ZlJ3FDfsV69Swoz7dS+UK
JlCrv7Obf+tlJCMhFJf3A2GNP+RzIJddSn2JbBaTMECgpwgBuKmqkKL6LiDzNML/
rvO1LFfU+tV4bbn+RBiu+OCC2m2ZTgvHAgEF
-----END DH PARAMETERS-----
@lgarron
Copy link
Collaborator

lgarron commented May 19, 2015

Sounds good. dh-small-subgroup ( dh-bad-g/dh-bad-generator?) and dh-composite?

@lilyanatia
Copy link
Contributor Author

I'd probably go with "small subgroup" for the first one. there are primes for which even the best possible generator generates a small subgroup, and the size of the subgroup is what makes the parameters weak. you could go even smaller than a 31-bit subgroup, but really there's no reason not to use a safe prime for DH.

clients that support DH really should do a BPSW test on p and (p-1)/2 and reject the parameters if either one comes back composite.

@lgarron
Copy link
Collaborator

lgarron commented May 22, 2015

Would you like to make a pull request with these? It should be pretty easy to copy this PR.

clients that support DH really should do a BPSW test on p and (p-1)/2 and reject the parameters if either one comes back composite.

Mumble mumble performance mumble.

@lilyanatia lilyanatia mentioned this issue May 22, 2015
Merged
@lilyanatia
Copy link
Contributor Author

Mumble mumble performance mumble.

that's why i said "BPSW" instead of "ECPP"...

@lgarron
Copy link
Collaborator

lgarron commented May 22, 2015

Merged via PR #45.

@lilyanatia lilyanatia mentioned this issue May 29, 2015
Open
@daurnimator daurnimator mentioned this issue Dec 15, 2016
Open
2 tasks
@t47 t47 mentioned this issue Feb 16, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
subdomain
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lgarron @lilyanatia