On May 26 15:10-0400, Daniel Kahn Gillmor wrote:
> On Tue 2015-05-26 14:02:07 -0400, Hubert Kario wrote:
> > On Tuesday 26 May 2015 13:43:13 Daniel Kahn Gillmor wrote:
<snip>
> I've been talking with several cryptographers for the last year about
> finite-field DH (FFDH) and i haven't heard any suggestion that any of
> them think there is likely to be such a class of backdoored moduli.
>
> > yes, it would basically exclude the chance that the primes are backdoored,
> > there's still the chance for the values to be composites
> >
> > for values to be used on this many machines, I'd say we should have primality
> > proofs, not just M-R "guess"
>
> Does anyone have a pointer to any decent free software for generating
> and verifying primality proofs?
>
> --dkg

I am currently running Debian's /etc/ssh/moduli (not sure if it is the
same as distributed with openssh) through ecpp-dj. I found the code at
http://www.mersenneforum.org/showthread.php?t=18283 (there is a 1.04
version in the download directory), I think he just split it out from
his Perl module at https://github.com/danaj/Math-Prime-Util-GMP .

It is single-threaded, and I'm not sure how well it does with larger
primes (at 1000 decimal digits (~3325 bits, if my math skills haven't
failed me), his benchmarks show it took 10x as long as primo on the
prime he chose).

So far, it is running at 15-60 seconds each for 1535-bit primes on my old
i7 950 @ 3.07GHz, not sure how it will do with the larger ones. I'll
probably need to move this to a cluster to have it complete in a
reasonable amount of time.

--
Eldon Koyle
--
A fail-safe circuit will destroy others.
		-- Klipstein
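Added example, not part of the message above and not OpenSSH or ecpp-dj code: a Python sketch that reads moduli(5)-format lines, applies the Miller-Rabin "guess" discussed in the thread, and goes one step beyond the thread by finding the Pocklington witness that turns a separate proof of q = (p-1)/2 (for instance an ECPP certificate) into a proof of p = 2q+1. The sample lines and all function names are constructed for illustration, and the tiny moduli stand in for real ones.

```python
import math
import random

# Constructed sample in moduli(5) layout (time type tests tries size generator
# modulus-in-hex); tiny stand-in moduli: 0x53 = 83 = 2*41+1, 0x143 = 323 = 17*19.
SAMPLE = """\
# constructed lines, not taken from a real /etc/ssh/moduli
20150526000000 2 6 100 6 2 53
20150526000000 2 6 100 8 2 143
"""

def parse_moduli(text):
    """Return the modulus of every non-comment line as an int."""
    rows = [l.split() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]
    if any(len(r) != 7 for r in rows):
        raise ValueError("every moduli line needs 7 fields")
    return [int(r[6], 16) for r in rows]

def miller_rabin(n, rounds=40):
    """True means only 'probably prime'; False is a definite composite."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def pocklington_witness(p):
    """For p = 2q+1: find a with a^(p-1) = 1 (mod p) and gcd(a^2-1, p) = 1.
    Only together with a separate PROOF that q is prime does a prove p prime."""
    for a in range(2, 100):
        if pow(a, p - 1, p) == 1 and math.gcd(a * a - 1, p) == 1:
            return a
    return None
```

With this approach only q needs the expensive proof run; the witness check for p is a single modular exponentiation and a gcd that anyone can re-verify.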