Subject: Re: /etc/primes (was: CVS commit: basesrc)
To: Bernd Ernesti <netbsd@arresum.inka.de>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 05/27/2001 15:08:18
In message <20010527203703.A20963@arresum.veego.de>, Bernd Ernesti writes:
>On Sun, May 27, 2001 at 02:24:22AM +0300, Jun-ichiro itojun Hagino wrote:
>> 
>> Module Name:	basesrc
>> Committed By:	itojun
>> Date:		Sat May 26 23:24:22 UTC 2001
>> 
>> Update of /cvsroot/basesrc/crypto/dist/ssh
>> In directory netbsd.hut.fi:/tmp/cvs-serv21097
>> 
>> Log Message:
>> prime table for OpenSSH, from OpenBSD etc/primes
>
>Hmmm, there is no documentation about this file.
>sshd(8) only describes this:
>Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
>
>Nothing more about the format.
>
>How do we know that the imported file is okay and how do we generate a new one?

From a quick glance -- a *very* quick glance -- at the code, you don't 
want to do anything.

In a Diffie-Hellman exchange, both sides need to agree on a (generally 
prime) modulus and a generator for the group of integers less than that 
modulus.  If both sides don't agree, you can't talk.  /etc/primes is a 
list of other moduli and generators to use, and there's some logic to 
pick randomly from the "appropriate" ones.  Again, though, both sides 
have to have the same list.  (I haven't checked either the code or the 
spec to see if there's any negotiation.)

Should you pick a different group?  Probably not, at this point.  The 
default group appears to use a 1024-bit modulus; cracking that is 
almost certainly beyond the reach of just about anyone, up to and 
including your favorite spooks.  That said, solving a DH exchange is a 
"brittle" problem -- for a lot of work up front, any individual 
instance can be solved "fairly" cheaply.  

If you want to be paranoid, verify that the number in kex.c really is a 
prime, and that 2 really is a generator of the group.


		--Steve Bellovin, http://www.research.att.com/~smb