Re: [86attendees] Pie?
Tero Kivinen <kivinen@iki.fi> Thu, 14 March 2013 15:02 UTC
To: Stephane Bortzmeyer <bortzmeyer+ietf@nic.fr>
In-Reply-To: <20130314143540.GA16749@laperouse.bortzmeyer.org>
References: <CAPRuP3nnSCr5Wd42RsEPOxPLr-9323Bp_juL8GwhUe5sXMj03Q@mail.gmail.com> <E1UG92n-00067N-00@www.xplot.org> <20130314143540.GA16749@laperouse.bortzmeyer.org>
Cc: "86attendees@ietf.org" <86attendees@ietf.org>
Stephane Bortzmeyer writes:
> > If you're not already aware of this, read the Tau Manifesto
>
> I'm not sure it has practical consequences for the IETF. Is there even
> one RFC which uses the number Pi? ("pi" in RFC 2865 is a different
> beast)

Almost all of our security protocols doing Diffie-Hellman use Pi. For
example RFCs 2409, 2412, 2539, 2786, 3526, 4306, 4535, 5054, 5201, and
5996. And of course all documents referencing those RFCs.

Just using grep and searching for the first 32 bits of PI in hex gives
that list...

> fgrep -li 'C90FDAA2' rfc*.txt
rfc2409.txt
rfc2412.txt
rfc2539.txt
rfc2786.txt
rfc3526.txt
rfc4306.txt
rfc4535.txt
rfc5054.txt
rfc5201.txt
rfc5683.txt
rfc5996.txt

From 2412 you can find the reason for that:
----------------------------------------------------------------------
APPENDIX E  The Well-Known Groups
...
Classical Diffie-Hellman Modular Exponentiation Groups

   The primes for groups 1 and 2 were selected to have certain
   properties.  The high order 64 bits are forced to 1.  This helps the
   classical remainder algorithm, because the trial quotient digit can
   always be taken as the high order word of the dividend, possibly +1.
   The low order 64 bits are forced to 1.  This helps the Montgomery-
   style remainder algorithms, because the multiplier digit can always
   be taken to be the low order word of the dividend.  The middle bits
   are taken from the binary expansion of pi.  This guarantees that they
   are effectively random, while avoiding any suspicion that the primes
   have secretly been selected to be weak.

   Because both primes are based on pi, there is a large section of
   overlap in the hexadecimal representations of the two primes.  The
   primes are chosen to be Sophie Germain primes (i.e., (P-1)/2 is also
   prime), to have the maximum strength against the square-root attack
   on the discrete logarithm problem.

   The starting trial numbers were repeatedly incremented by 2^64 until
   suitable primes were located.

   Because these two primes are congruent to 7 (mod 8), 2 is a quadratic
   residue of each prime.  All powers of 2 will also be quadratic
   residues.  This prevents an opponent from learning the low order bit
   of the Diffie-Hellman exponent (AKA the subgroup confinement
   problem).  Using 2 as a generator is efficient for some modular
   exponentiation algorithms.  [Note that 2 is technically not a
   generator in the number theory sense, because it omits half of the
   possible residues mod P.  From a cryptographic viewpoint, this is a
   virtue.]
-- 
kivinen@iki.fi
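The construction that the RFC 2412 appendix quoted above describes can be checked end to end rather than taken on trust. The Python below is an added example written for this page; it is not code from the thread or from any RFC. It computes pi to the needed precision with Machin's formula, rebuilds the RFC 2409 group 1 and 2 primes and the RFC 3526 1536- and 2048-bit primes from the published formula 2^bits - 2^(bits-64) - 1 + 2^64 * ([2^k pi] + offset), and checks the Appendix E claims: all-ones high and low 64 bits, the C90FDAA2 prefix that the grep above matches on, p = 7 (mod 8), Sophie Germain, and 2 a quadratic residue that generates the order-(p-1)/2 subgroup. It also shows the low-order-bit leak the appendix alludes to: with a non-residue as base, the Legendre symbol of g^x equals (-1)^x, so an observer reads the parity of the secret exponent off the public value, while with base 2 every public value is a residue. The Miller-Rabin routine with fixed small bases and all helper names are this example's own choices, not anything from the RFCs.

```python
# Added example: rebuild the MODP primes of RFC 2409 (groups 1 and 2) and
# RFC 3526 (1536- and 2048-bit groups) from pi and check the properties
# that RFC 2412 Appendix E claims for them.  Not code from the thread or
# from any RFC; helper names and the primality test are this example's own.

# group id -> (bits, pi_shift, offset), from the formulas published in
# RFC 2409 sections 6.1/6.2 and RFC 3526 sections 2/3:
#   p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^pi_shift * pi) + offset)
MODP_GROUPS = {
    1:  (768,  638,  149686),
    2:  (1024, 894,  129093),
    5:  (1536, 1406, 741804),
    14: (2048, 1918, 124476),
}


def _arctan_inv(x, prec):
    """arctan(1/x) * 2**prec as an integer, from the Taylor series with
    every term truncated; the error is a few hundred ulps, which the
    caller hides behind guard bits."""
    total = 0
    term = (1 << prec) // x      # (1/x) scaled by 2^prec
    x2 = x * x
    k = 0
    while term:
        contribution = term // (2 * k + 1)
        total += contribution if k % 2 == 0 else -contribution
        term //= x2              # next odd power of 1/x
        k += 1
    return total


def pi_floor_shifted(shift, guard=64):
    """floor(pi * 2**shift) via Machin: pi = 16*atan(1/5) - 4*atan(1/239)."""
    prec = shift + guard
    pi_scaled = 16 * _arctan_inv(5, prec) - 4 * _arctan_inv(239, prec)
    return pi_scaled >> guard


def modp_prime(group):
    """The published prime for `group`, rebuilt from the formula."""
    bits, shift, offset = MODP_GROUPS[group]
    return ((1 << bits) - (1 << (bits - 64)) - 1
            + (1 << 64) * (pi_floor_shifted(shift) + offset))


_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, bases=_SMALL_PRIMES):
    """Miller-Rabin with fixed bases: fine for checking published
    constants, not for certifying freshly generated primes."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def legendre(a, p):
    """Euler's criterion: 1 if a is a quadratic residue mod p, else -1."""
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def check_group(group):
    """Evaluate the RFC 2412 Appendix E claims for one group."""
    bits, _, _ = MODP_GROUPS[group]
    p = modp_prime(group)
    q = (p - 1) // 2
    ones64 = (1 << 64) - 1
    return {
        "bits": p.bit_length(),
        "high64_all_ones": (p >> (bits - 64)) == ones64,
        "low64_all_ones": (p & ones64) == ones64,
        "pi_prefix": format(p, "x")[16:24],   # first 32 bits of pi, after the 1s
        "congruent_7_mod_8": p % 8 == 7,
        "sophie_germain": is_probable_prime(p) and is_probable_prime(q),
        "two_is_qr": legendre(2, p) == 1,
        "two_has_order_q": pow(2, q, p) == 1,  # 2 generates the order-q subgroup
    }


def smallest_non_residue(p):
    """Smallest non-residue base; a small non-residue has full order p-1."""
    h = 2
    while legendre(h, p) == 1:
        h += 1
    return h


def exponent_low_bits_seen(p, g, exponents):
    """What an observer learns from the Legendre symbol of g^x: with a
    residue base such as 2 every value is 1 (nothing leaks); with a
    non-residue base it is (-1)^x, i.e. the low bit of the secret x."""
    return [legendre(pow(g, x, p), p) for x in exponents]


if __name__ == "__main__":
    for grp in sorted(MODP_GROUPS):
        print(grp, check_group(grp))
    p2 = modp_prime(2)
    h = smallest_non_residue(p2)
    print("base 2 :", exponent_low_bits_seen(p2, 2, range(1, 9)))
    print("base", h, ":", exponent_low_bits_seen(p2, h, range(1, 9)))
```

The Sophie Germain check doubles as a check on the pi computation: if the floor of 2^k * pi were off by even one, the candidate would move by 2^64 and would almost certainly not be prime, let alone have a prime (p-1)/2. The last two lines are the "subgroup confinement" point in practice: only when the base is a non-residue does the sequence of Legendre symbols alternate with the parity of the exponent.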