the "primes" file
Niels Provos
provos at citi.umich.edu
Wed Apr 4 06:10:10 EST 2001
In message <Pine.LNX.4.30.0104031615270.8678-100000 at holly.crl.go.jp>, Tom Holroyd writes:
>SRP has different requirements from Diffie-Hellman. In particular,
>for SRP the generator must be primitive. It turns out that the "primes"
>file contains only safe primes with primitive generators, and is thus
>ideal for SRP, but so far in OpenSSH it has only been used for DH,
>which doesn't require this.
The primes file is used for the Diffie-Hellman group exchange. If
you read the draft, you will see that safe primes are required and
that the generators all generate the full sub-group size q.
>As a side issue, the SRP patch compiles the primes into libssh, and
>provides a function srp_get_param() which could be used to replace the
>file-reading code that is currently in dh.c, as well as an is_safe_group()
>function that can be used to check DH parameters*. This removes
>the requirement of having to install an extra configuration file.
I do not see that as a benefit. The purpose of having an extra file
is that you can use new groups without recompiling the binaries.
>* This is not currently done in OpenSSH -- in fact as far as I can tell,
>using the DH_GEX_SHA1 key exchange method, an attacker can send a modulus
>that is not prime (only the length is checked). Is this not a problem?
No. It is not a problem. You have to trust the server already for
everything that you do. If you do not trust your server, I suggest that
you do not connect to it.
niels.
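The two technical points in this exchange, that a group-exchange modulus should be a safe prime and that the generator should have order q (or 2q, a primitive root, as SRP wants), are easy to check on the receiving side. The following is an added example, not code from OpenSSH's dh.c, from the SRP patch, or from either poster: it is my own Python sketch of the client-side validation Tom asks about. The function names (is_safe_group, check_gex_group) and the toy-sized primes are my own constructions; a real client would run this on the server's 1024-bit-or-larger modulus, where Miller-Rabin with 40 rounds is the usual choice.

```python
import random

# System RNG for Miller-Rabin witness selection (constructed example code).
_rng = random.SystemRandom()


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test (error <= 4**-rounds)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n == sp:
            return True
        if n % sp == 0:
            return False
    # Write n - 1 = d * 2**r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def is_safe_prime(p: int) -> bool:
    """p is a safe prime when both p and q = (p-1)/2 are prime."""
    return p > 5 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def element_order(g: int, p: int) -> int:
    """Order of g in Z_p* for a safe prime p; only 1, 2, q or 2q are possible."""
    q = (p - 1) // 2
    if g % p == 1:
        return 1
    if g % p == p - 1:
        return 2
    return q if pow(g, q, p) == 1 else 2 * q


def is_primitive_root(g: int, p: int) -> bool:
    """SRP's requirement: g generates all of Z_p*, i.e. has order p-1."""
    return element_order(g, p) == p - 1


def is_safe_group(p: int, g: int) -> bool:
    """Accept g only if it generates the order-q subgroup or the whole group.

    Assumes is_safe_prime(p) already holds; orders 1 and 2 give a degenerate
    shared secret and are rejected.
    """
    return 1 < g < p - 1 and element_order(g, p) in ((p - 1) // 2, p - 1)


def check_gex_group(p: int, g: int, min_bits: int, max_bits: int):
    """What a client could verify on a DH group-exchange reply.

    Returns (ok, reason). Checking only the bit length, as the thread
    describes, would accept the composite modulus exercised in the usage below.
    """
    if not min_bits <= p.bit_length() <= max_bits:
        return False, "modulus size %d outside [%d, %d]" % (p.bit_length(), min_bits, max_bits)
    if not is_safe_prime(p):
        return False, "modulus is not a safe prime"
    if not is_safe_group(p, g):
        return False, "generator does not have order q or 2q"
    return True, "ok"


if __name__ == "__main__":
    # Constructed toy-sized inputs: 1019 is a safe prime (q = 509);
    # 1022117 = 1009 * 1013 is composite but has a plausible bit length.
    print(check_gex_group(1019, 2, 8, 16))        # (True, 'ok')
    print(check_gex_group(1022117, 2, 8, 32))     # (False, 'modulus is not a safe prime')
    print(element_order(2, 23), element_order(5, 23))  # 11 22
```

The order test relies on the safe-prime structure: once p and q are prime, every element other than 1 and p-1 has order q or 2q, so a single modular exponentiation classifies the generator. That is the check Niels describes for the primes file (generators of the size-q subgroup) and, with is_primitive_root, the stricter one SRP needs.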
More information about the openssh-unix-dev mailing list