ssh-keygen generator 3 broken
Sean
sean at highsec.org
Sun Dec 24 06:52:23 AEDT 2023
Hello, I was re-generating the moduli for SSH, and during that process I noticed that, when running the following command:
ssh-keygen -M screen -O prime-tests=600 -O generator=3 -f moduli-2048-01.candidates moduli-2048-01c
It does not produce any errors, only the following:
ebug2: 1467763: (4) Sophie-Germain
debug2: 1467763: generator 0 != 3
debug2: 1467764: (4) Sophie-Germain
debug2: 1467764: generator 2 != 3
debug2: 1467765: (4) Sophie-Germain
debug2: 1467765: generator 5 != 3
debug2: 1467766: (4) Sophie-Germain
debug2: 1467766: generator 0 != 3
debug2: 1467767: (4) Sophie-Germain
debug2: 1467767: generator 0 != 3
debug2: 1467768: (4) Sophie-Germain
debug2: 1467768: generator 5 != 3
debug2: 1467769: (4) Sophie-Germain
debug2: 1467769: generator 2 != 3
debug2: 1467770: (4) Sophie-Germain
debug2: 1467770: generator 5 != 3
debug2: 1467771: (4) Sophie-Germain
debug2: 1467771: generator 2 != 3
debug2: 1467772: (4) Sophie-Germain
debug2: 1467772: generator 2 != 3
debug2: 1467773: (4) Sophie-Germain
debug2: 1467773: generator 5 != 3
debug2: 1467774: (4) Sophie-Germain
debug2: 1467774: generator 0 != 3
debug2: 1467775: (4) Sophie-Germain
debug2: 1467775: generator 0 != 3
debug2: 1467776: (4) Sophie-Germain
debug2: 1467776: generator 5 != 3
debug2: 1467777: (4) Sophie-Germain
debug2: 1467777: generator 5 != 3
debug2: 1467778: (4) Sophie-Germain
debug2: 1467778: generator 2 != 3
debug2: 1467779: (4) Sophie-Germain
debug2: 1467779: generator 2 != 3
debug2: 1467780: (4) Sophie-Germain
debug2: 1467780: generator 0 != 3
debug2: 1467781: (4) Sophie-Germain
debug2: 1467781: generator 0 != 3
debug2: 1467782: (4) Sophie-Germain
debug2: 1467782: generator 2 != 3
Found 0 safe primes of 0 candidates in 15 seconds
it always results in 0 file size. I had no issues using generator 2 and generator 5. So for some reason, there only seem to be generators 2 and 5, while that seems to check for generator 0, but if you try to use that in the command, it produces the error:
Generator invalid: 0 (too small)
even though the documentation lists:
By default, each candidate will be subjected to 100 primality tests. This may be overridden using the -O prime-tests option. The DH generator value will be chosen automatically for the prime under consideration. If a specific generator is desired, it may be requested using the -O generator option. Valid generator values are 2, 3, and 5.
More information about the openssh-unix-dev
mailing list