Hello,

Sean wrote on 23. Dec 2023 20:52 (GMT +01:00):

> Hello, I was re-generating the moduli for SSH, and during that process I
> noticed that, when running the following command:
>
> ssh-keygen -M screen -O prime-tests=600 -O generator=3 -f
> moduli-2048-01.candidates moduli-2048-01c
>
>
> It does not produce any errors, only the following:
> ebug2: 1467763: (4) Sophie-Germain
> debug2: 1467763: generator 0 != 3

According to this

https://github.com/openssh/openssh-portable/blob/1036d77b34a5fa15e56f516b81b9928006848cbd/moduli.c#L718

It only guesses 2 (p mod 24 == 11 aka quadratic non-residue) or 5 (p mod 10 == 3, 7). Seems to miss the p mod 12 == 5 check for g=3. (And also p mod 24 = 23 for g=2 quadratic residue)

Not sure what the idea behind ignoring 3 is, but certainly should be documented if not fixed. I also wonder if it should, if a generator is specified, instead only test its matching remainder; that way it will catch all candidates, not only the ones which did not fail the g=2 test.

Regards,
Bernd
— https://bernd.eckenfels.net
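An added example, not part of the message above and not OpenSSH code: it models the generator guess as the message describes it, checks each guess with Euler's criterion over a constructed range of small safe primes, and counts how many candidates would be kept when generator 3 is requested. The function names, the `survey` tallies and the 20000 limit are assumptions made for the illustration.

```python
# Added illustration; models the guess as the message describes it, not OpenSSH source.

def is_prime(n):
    """Trial division, adequate for the small constructed range used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def safe_primes(limit):
    """Safe primes p = 2q + 1 with q prime (Sophie Germain), 11 <= p < limit."""
    return [p for p in range(11, limit, 2)
            if is_prime(p) and is_prime((p - 1) // 2)]

def guess_generator(p):
    """The guess as described: 2 if p mod 24 == 11, else 5 if p mod 10 is 3 or 7."""
    if p % 24 == 11:
        return 2
    if p % 10 in (3, 7):
        return 5
    return 0  # shows up as "generator 0" in the debug2 line

def is_primitive_root(g, p):
    """Safe prime p = 2q + 1: g generates Z_p^* iff g^q == -1 and g != -1 (mod p)."""
    q = (p - 1) // 2
    return g % p != p - 1 and pow(g, q, p) == p - 1

def survey(limit=20000, wanted=3):
    """Tally guesses, verify them, and count candidates kept for `wanted`."""
    out = {"total": 0, "guess": {0: 0, 2: 0, 5: 0}, "bad_guess": 0,
           "kept_for_wanted": 0, "p_mod_12_eq_5": 0, "three_primitive": 0}
    for p in safe_primes(limit):
        g = guess_generator(p)
        out["total"] += 1
        out["guess"][g] += 1
        if g and not is_primitive_root(g, p):
            out["bad_guess"] += 1
        out["kept_for_wanted"] += (g == wanted)
        out["p_mod_12_eq_5"] += (p % 12 == 5)
        out["three_primitive"] += is_primitive_root(3, p)
    return out

if __name__ == "__main__":
    for key, value in survey().items():
        print(f"{key}: {value}")
```

On this range `kept_for_wanted`, `p_mod_12_eq_5` and `three_primitive` all come out as zero: a safe prime above 7 is always 11 mod 12, so 3 is a quadratic residue there and generates only the order-q subgroup.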