the "primes" file

Tom Holroyd tomh at po.crl.go.jp
Wed Apr 4 13:11:50 EST 2001


On Tue, 3 Apr 2001, Niels Provos wrote:

> The primes file is used for the Diffie-Hellman group exchange.  If
> you read the draft, you will see that safe primes are required and
> that the generators all generate the full sub-group size q.

The draft says, for p = 2q + 1, the order has to be _either_ q or p - 1.

DH only requires the subgroup be of size q, but SRP requires that the
subgroup be of size p - 1.  Now it turns out that the generators in the
"primes" file all generate the full p - 1 group, and in fact the OpenSSL
routine DH_generate_parameters() will always create parameters like this.

But it seems that it *is* allowed (according to the draft) that someday
somebody will use a generator that generates the q subgroup but not the
p - 1 subgroup.  (For example, the diffie-hellman-group1-sha1 prime uses a
generator of 2, but this is unacceptable for SRP; libsrp uses this same
prime with a generator of 5.)

Thus SRP can't use the primes file directly -- although the embedded primes
are built from it (but they are tested to make sure the subgroup is size
p - 1 first).

> >As a side issue, the SRP patch compiles the primes into libssh ...
> >This removes the requirement of having to install an extra
> >configuration file.
> I do not see that as a benefit.  The purpose of having an extra file
> is that you can use new groups without recompiling the binaries.

The current SRP patch also reads from the system configuration file
/etc/tpasswd.conf, both for compatibility with existing SRP installations
and to address your concern.  So you can add new primes without
recompiling.  However if you ever want to *retire* a prime, you must
recompile.

It is not necessary to embed the primes in the binary, but some people
like to have as few configuration files as possible.  Since SRP can't use
the primes file directly, we'd need to have another file (likely
ETCDIR/verifier.conf) that contains all the same values (plus the libsrp
values).  Is retiring primes likely to be an issue?

Dr. Tom Holroyd
"I am, as I said, inspired by the biological phenomena in which
chemical forces are used in repetitious fashion to produce all
kinds of weird effects (one of which is the author)."
	-- Richard Feynman, _There's Plenty of Room at the Bottom_
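
An added example, not part of the original message and not OpenSSH or libsrp code: for a safe prime p = 2q + 1, a generator other than 1 and p - 1 has order q or p - 1, and a single modular exponentiation tells which. The function names and the small primes used in the comments are constructed for illustration.

```python
"""Classify the order of a generator g modulo a safe prime p = 2q + 1.

Added illustration; function names are hypothetical, not from OpenSSH or libsrp.
"""
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True


def generator_order(p, g):
    """Return the order of g in Z_p^* for a safe prime p: 1, 2, q or p - 1."""
    q = (p - 1) // 2
    if not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p is not a safe prime")
    g %= p
    if g == 0:
        raise ValueError("g is not in the multiplicative group")
    if g in (1, p - 1):
        return 1 if g == 1 else 2
    # The order divides p - 1 = 2q, so only q and 2q remain; g^q is +1 or -1.
    return q if pow(g, q, p) == 1 else p - 1


def usable_for(p, g):
    """Which of the two uses discussed in the thread accept (p, g)."""
    order = generator_order(p, g)
    return {"dh": order in ((p - 1) // 2, p - 1), "srp": order == p - 1}
```

With the constructed safe prime 23, generator 2 has order 11 and generator 5 has order 22; with 59 the roles swap, so the check has to be made per prime rather than per generator value.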




More information about the openssh-unix-dev mailing list