Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 19 Oct 2015 22:16:19 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: Seth Arnold <seth.arnold@...onical.com>
Subject: Re: Prime example of a can of worms

On Mon, Oct 19, 2015 at 3:40 PM, Daniel Kahn Gillmor <dkg@...thhorseman.net>
wrote:
>
> On the flip side, saying "use only strong (>=2048bit today in 2015?),
> well-known, well-structured, publicly-vetted groups" is very simple
> guidance: clear and easy to follow.
>
> A move to well-known, large safe primes seems simpler/saner than trying
> to work with an environment where peers are generating new primes which
> may or may not be well-formed.  (similarly, we're converging on a world
> where there are a few trusted, well-vetted, well-optimized DH groups for
> elliptic curve DH, because encouraging arbitrary ECDH groups ends up
> being sketchier for everyone)
>
>       --dkg
>

So it occurs to me that we have no corpus of data on Diffie Helman primes.
With this in mind I would like to create one. Openssl command line can
easily create them, using either the 2 (default) or 5 generator (explained
at
http://security.stackexchange.com/questions/54359/what-is-the-difference-between-diffie-hellman-generator-2-and-5
)

For example the following code:

#!/bin/bash
for i in `seq 1 100`;
do
    openssl dhparam 2048 -text >> $i
done

will generate 100 2048 bit primes. If you can ideally simply commit the
files to the following github repo:

https://github.com/RedHatProductSecurity/Diffie-Hellman-Primes/

simply create a directory in the root with your name/whatever you want to
call it (nothing rude please) and have a "2048" directory for the 2048 bit
primes and a "4096" directory for the 4096 bit primes I would appreciate
it. If you use a tool other than OpenSSL command line to generate the
primes please make a note of it (especially any command line options used)
in a .txt file in the root of your data directory. My goal is to collect a
few million primes of each size so we have some real data to work with.




--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@...hat.com

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.