Re: Weak DH primes and openssh

On Thu, 28 May 2015, Hubert Kario wrote:

> > If this is the only attack you're trying to address, and you've
> > already limited yourself to safe primes, then NUMS properties don't
> > really add anything. The NUMS approach is there to try to avoid
> > the possibility of other, unknown cryptanalytic attacks against some
> > infrequent type of group, so that the entity who defines the group
> > can't force you into this secret corner case if they have special
> > knowledge.
>
> that being said, how would using NUMS seeds to generate a safe prime
> hurt?

If you're concerned about precomputation, then it effectively gives the
attackers a list of what you're going to use in the future.

> also, doesn't that require us to provide primality certificates for q
> rather than p?

IMO you'd want both to prove a safe prime.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
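
The closing point of the message above, that a safe prime needs primality proofs for both p and q = (p-1)/2, shown as an added example that is not part of the original thread. It assumes Pratt certificates as the certificate type (the thread does not say which kind is meant); `CERT`, `verify_pratt` and `verify_safe_prime` are constructed names, and the primes are toy values.

```python
# Added illustration: a Pratt primality-certificate verifier applied to safe primes.
# CERT is constructed toy data, not taken from any real moduli file.

def verify_pratt(n, cert):
    """Verify a Pratt certificate for n.

    cert maps each claimed prime m > 2 to (witness, [distinct prime factors of m-1]).
    """
    if n == 2:
        return True
    if n < 2 or n not in cert:
        return False
    witness, factors = cert[n]
    # The listed factors must account for all of n-1.
    rest = n - 1
    for r in factors:
        if r < 2 or rest % r != 0:
            return False
        while rest % r == 0:
            rest //= r
    if rest != 1:
        return False
    # The witness must have multiplicative order exactly n-1 modulo n,
    # which is only possible when n is prime.
    if pow(witness, n - 1, n) != 1:
        return False
    if any(pow(witness, (n - 1) // r, n) == 1 for r in factors):
        return False
    # Every listed factor needs its own certificate in turn.
    return all(verify_pratt(r, cert) for r in factors)


def verify_safe_prime(p, cert):
    """Accept p as a safe prime only if both q = (p-1)/2 and p are certified."""
    if p < 5 or p % 2 == 0:
        return False
    q = (p - 1) // 2
    return verify_pratt(q, cert) and verify_pratt(p, cert)


CERT = {
    23: (5, [2, 11]),   # safe prime: 23 = 2*11 + 1
    11: (2, [2, 5]),
    5:  (2, [2]),
    13: (2, [2, 3]),    # prime, but (13-1)/2 = 6 is composite
    3:  (2, [2]),
}
```

A certificate for p alone is not enough: 13 verifies as prime here, yet `verify_safe_prime(13, CERT)` fails because no certificate for q = 6 can exist.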



