Subject: Re: /etc/primes (was: CVS commit: basesrc)
To: Bernd Ernesti <>
From: Steven M. Bellovin <>
List: tech-security
Date: 05/27/2001 15:08:18
In message <>, Bernd Ernesti writes:
>On Sun, May 27, 2001 at 02:24:22AM +0300, Jun-ichiro itojun Hagino wrote:
>> Module Name:	basesrc
>> Committed By:	itojun
>> Date:		Sat May 26 23:24:22 UTC 2001
>> Update of /cvsroot/basesrc/crypto/dist/ssh
>> In directory
>> Log Message:
>> prime table for OpenSSH, from OpenBSD etc/primes
>Hmmm, there is no documentation about this file.
>sshd(8) only decribes this:
>Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
>Nothing more about the format.
>How do we know that the imported file is okay and how do we generate a new one

From a quick glance -- a *very* quick glance -- at the code, you don't 
want to do anything.

In a Diffie-Hellman exchange, both sides need to agree on a (generally 
prime) modulus and a generator for the group of integers less than that 
modulus.  If both sides don't agree, you can't talk.  /etc/primes is a 
list of other moduli and generators to use, and there's some logic to 
pick randomly from the "appropriate" ones.  Again, though, both sides 
have to have the same list.  (I haven't checked either the code or the 
spec to see if there's any negotiation.)

Should you pick a different group?  Probably not, at this point.  The 
default group appears to use a 1024-bit modulus; cracking that is 
almost certainly beyond the reach of just about anyone, up to and 
including your favorite spooks.  That said, solving a DH exchange is a 
"brittle" problem -- for a lot of work up front, any individual 
instance can be solved "fairly" cheaply.  

If you want to be paranoid, verify that the number in kex.c really is a 
prime, and that 2 really is a generator of the group.

		--Steve Bellovin,