Re: [Bug 2302] with DH-GEX, ssh (and sshd) should not fall back to unconfigured DH groups or at least document this behaviour and use a stronger group

On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote:
> Hi Folks,
>
> The generator value of 5 does not lead to a q-ordered subgroup which is
> needed to pass tests in
>
> http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf

I pulled revision 2 of this document from here:

https://dx.doi.org/10.6028/nist.sp.800-56ar2

The "FFC Domain Parameter Generation" section does say:

    g is a generator of the cyclic subgroup of GF(p)* of order q,

But i don't see a recommendation of why this matters.  Surely we don't
want the subgroup of order 2, but what is wrong with using a subgroup of
order 2q = p-1?

There's clearly no strong security advantage to the 2q subgroup -- it's
just one bit larger -- but is there an attack that works against the 2q
subgroup that doesn't work against the q subgroup?  If this is a known
concern, i'd be happy with just a pointer to a paper or web page
explaining the risks of the larger group.

otoh, if the goal is just to ensure we have word-for-word compliance
with SP800-56A, then it's clear that choosing a different generator is
the way to go (and without much of a security cost).  but i'd like to
know if there's a reason other than blind-spec-compliance.  Pointers?

Regards,

        --dkg


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
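Added illustration, not part of the thread or of OpenSSH: the standard answer to the question above is that a generator of the full order-2q group is a quadratic non-residue, so the Legendre symbol of the public value g^x reveals x mod 2, while a generator of the order-q subgroup (a quadratic residue) gives nothing away that way. The prime below is a small constructed toy safe prime, chosen so that 5 happens to generate the full group, as it does for the SSH moduli under discussion.

```python
# Toy safe prime p = 2q + 1, constructed for this illustration (not an SSH group).
P, Q = 23, 11


def legendre(a: int, p: int) -> int:
    """Euler's criterion: 1 if a is a quadratic residue mod p, p - 1 (i.e. -1) if not."""
    return pow(a, (p - 1) // 2, p)


def order_of(g: int, p: int, q: int) -> int:
    """Order of g in Z_p^* for a safe prime p = 2q + 1; it is one of 1, 2, q, 2q."""
    for d in (1, 2, q, 2 * q):
        if pow(g, d, p) == 1:
            return d
    raise ValueError("p is not a safe prime of the form 2q + 1")


def recover_parity(g: int, public: int, p: int):
    """Low bit of the private exponent x, given public = g^x mod p.

    If g is a non-residue (order 2q), legendre(g^x) == legendre(g)^x == (-1)^x,
    so residuosity of the public value is exactly x mod 2.  If g is a residue
    (order q), every public value is a residue and nothing is learned: return None.
    """
    if legendre(g, p) != p - 1:
        return None
    return 0 if legendre(public, p) == 1 else 1


def parity_leak_rate(g: int, p: int, q: int) -> float:
    """Fraction of private exponents in [1, q) whose parity the public value reveals."""
    hits = 0
    for x in range(1, q):
        guess = recover_parity(g, pow(g, x, p), p)
        if guess is not None and guess == x % 2:
            hits += 1
    return hits / (q - 1)


if __name__ == "__main__":
    for g in (5, pow(5, 2, P)):  # g = 5 has order 2q; 5^2 lies in the order-q subgroup
        print(f"g={g:2d} order={order_of(g, P, Q):2d} "
              f"parity leaked for {parity_leak_rate(g, P, Q):.0%} of exponents")
```

The leak is exactly one bit of the exponent, which is why the thread calls the q subgroup only "one bit" stronger; what the order-q requirement buys is that the public value carries no information at all about the exponent's residuosity.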