-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provenance of ffdhe2048.txt #116
Comments
The value in the ffdhe2048.txt file comes from RFC7919: https://tools.ietf.org/html/rfc7919#appendix-A.1 Side note: I don't know what you use those primes for but group 22, 23 and 24 are known weak parameters, you should basically never use them. |
We provide them as options, they're not default; we recommend people generate their own and always have, but several years back added defaults so that DH would always be available. Originally to IKE23 and then a few years back to parameters which I generated but I added the RFC7919 primes so that if people didn't trust me they could choose something with some public record. The value I have was generated from the RFC text with a tool and I re-ran it yesterday and thought I got the same result as before, but running it now I get the same value you do. I might be going crazy. It's not that the C form was missing the first line of the prime, since that yields a different PEM result and doesn't pass integrity checks. Okay, thanks, we'll continue looking into it. Since I can now generate a form which matches yours, there's no issue here. |
huh? I took the embedded PEM and used |
Folks, could someone please explain the provenance of https://ssl-config.mozilla.org/ffdhe2048.txt and how that value was derived from the RFC?
In Exim, we've received a PR from a mystery source, asking to update our copy of ffdhe2048 to a new value. It appears to match the value which Mozilla provides at the above URL. The value in our code is in "std-crypto.c", almost entirely RFC comments and auto-converted constants: https://git.exim.org/exim.git/blob/HEAD:/src/src/std-crypto.c (currently lines 510-518)
with the tooling I wrote to handle the conversion from RFC form being at https://git.exim.org/exim.git/blob/HEAD:/src/util/gen_pkcs3.c
I've re-run the code against the RFC and things so far look like there's no error on our side, but I don't pretend to be a cryptographer and I might have missed something. Something thunderously stupid which means that I've misconverted all the constants?
It would really help to know exactly how the Mozilla-provided DH params were converted, so that I can compare and contrast to see if and how I've done something wrong.
Thanks.
The text was updated successfully, but these errors were encountered: