the "primes" file

Tom Holroyd tomh at po.crl.go.jp
Tue Apr 3 17:42:08 EST 2001


I'm curious about the "primes" file included with OpenSSH-2.5.2p2.
Where did it come from and what is the policy regarding the values
it contains, or will contain in the future?

SRP has different requirements from Diffie-Hellman.  In particular,
for SRP the generator must be primitive.  It turns out that the "primes"
file contains only safe primes with primitive generators, and is thus
ideal for SRP, but so far in OpenSSH it has only been used for DH,
which doesn't require this.

Right now the SRP patch uses these primes during construction of the
srp-param.c file.  It does test them first, and will reject any entries
that are not safe enough, but it would be nice to know that there are
no plans to put unsafe primes or non-primitive generators in this file.

As a side issue, the SRP patch compiles the primes into libssh, and
provides a function srp_get_param() which could be used to replace the
file-reading code that is currently in dh.c, as well as an is_safe_group()
function that can be used to check DH parameters*.  This removes
the requirement of having to install an extra configuration file.

* This is not currently done in OpenSSH -- in fact as far as I can tell,
using the DH_GEX_SHA1 key exchange method, an attacker can send a modulus
that is not prime (only the length is checked).  Is this not a problem?

Dr. Tom Holroyd
"I am, as I said, inspired by the biological phenomena in which
chemical forces are used in repetitious fashion to produce all
kinds of weird effects (one of which is the author)."
	-- Richard Feynman, _There's Plenty of Room at the Bottom_




More information about the openssh-unix-dev mailing list