Diffie Hellman key exchange algorithms

Rob Waite rwaite1 at tampabay.rr.com
Tue Sep 25 14:55:59 EST 2007 

Isn't dh_estimate() only used on the client to find the desired group size?
This is then taken by the server and used to find p and g correct?

OpenSSH is not configurable in this manner... but if someone wanted to force 
larger primes...
couldn't they do this by altering the code? In the code changes I sent 
earlier... you could
force group exchange. And if you picked only large primes in your moduli 
file...
you should be able to force the client to get a large p as long as it is 
within the min
and max sent by the client. I just started looking at the code again (it has 
been a while)
but it seems like the server can control at the very least the size of the 
public and private
numbers generated from p. He would not be able to control how powerful the 
client made
their public and private numbers from the given p... but at least data sent 
out from the server would
be forced to have the symmetric key encrypted using larges primes for the 
assymmetric.

That is assuming that the server has its own symmetric cipher key and the 
client has their own.
If they do in fact share the same key... then I guess you would not be 
protected as the client
could generate a small private number from p... no matter how large. I would 
then expect
that there would be a way to code the server to only accept a certain size 
for the public number
given back to the server by the client.

Is this line of thinking correct? Or does it sounds like garbled nonsense? I 
am kinda sleepy.



----- Original Message ----- 
From: "Damien Miller" <djm at mindrot.org>
To: "Balaraman, Srinath" <srinath_balaraman at mentor.com>
Cc: "Vikram Mhetre" <vmhetre at hotmail.com>; <openssh-unix-dev at mindrot.org>
Sent: Monday, September 24, 2007 8:41 PM
Subject: RE: Diffie Hellman key exchange algorithms


> On Mon, 24 Sep 2007, Balaraman, Srinath wrote:
>
>> Hello All,
>>
>> To add to this question, I also am interested in knowing if the size of
>> the DH key to be negotiated both from the Server and the Client can be
>> configured? If yes, how?
>
> Do you mean the size of the key generated by DH or the size of the group
> used in diffie-hellman-group-exchange-*?
>
> If you mean the former, then the key length is that of the symmetric
> cipher that has been negotiated.
>
> If you mean the latter, then the size of the group is chosen to yield
> a similar attack complexity as the negotiated symmetric cipher. See
> dh.c:dh_estimate() and the comment that preceeds it.
>
> Either way, there is are no configuration knobs.
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

More information about the openssh-unix-dev mailing list