Re: [Cfrg] DH, not ECDH, subgroup attack question

Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 28 January 2020 23:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/mdskNJ8CpkCMCVskKb4lcARGtHM>

On 1/28/20 6:11 PM, Peter Gutmann wrote:
>
> Just a nitpick, just saw the thread, this is a DH subgroup attack 
> question, not an ECDH subgroup attack question.
>

Oh?  Thank you for nitpicking.

So if the keys used in the DH exchange are only NIST p256 and p384 this 
test is not needed?

This issue was brought to my attention in a security review on use of 
p256 keys in exchange.  I just ran without digging into what I needed 
to add without catching what KIND of DH exchange it applies to....

Now I have to read the comment again and figure this all out.

Fun.  By some definition of fun.
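An added example, not from the thread or its author, of the check that applies when the exchange is ECDH on a cofactor-1 curve such as P-256: rather than the finite-field DH subgroup test, the peer's public point is validated. The constants are the standard P-256 domain parameters; the off-curve point used in the comments is constructed.

```python
# Added example: public-key validation for NIST P-256 (FIPS 186-4 / SEC 2 constants).
# On a cofactor-1 curve the group order is the prime n, so every on-curve point
# other than infinity already has order n; the n*Q == O check is the full-validation form.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity

def on_curve(Q):
    """Partial validation: coordinates in range and y^2 == x^3 + ax + b (mod p)."""
    if Q is INF:
        return False
    x, y = Q
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(Q1, Q2):
    """Affine point addition on P-256 (textbook formulas, not constant-time)."""
    if Q1 is INF:
        return Q2
    if Q2 is INF:
        return Q1
    x1, y1 = Q1
    x2, y2 = Q2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # Q1 == -Q2
    if Q1 == Q2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, Q):
    """Double-and-add scalar multiplication (not constant-time; for validation only)."""
    R = INF
    while k:
        if k & 1:
            R = add(R, Q)
        Q = add(Q, Q)
        k >>= 1
    return R

def validate_public_key(Q):
    """Full public-key validation: Q is on the curve and n*Q is the point at infinity."""
    return on_curve(Q) and mul(N, Q) is INF
```

A point that fails on_curve, for example (Gx, Gy + 1), is rejected before any scalar multiplication, which is the case the small-subgroup concern reduces to on a cofactor-1 curve.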