RE: IPS security draft: SRP groups
vince_cavanna@agilent.com Fri, 12 July 2002 02:20 UTC
Message-ID: <01A7DAF31F93D511AEE300D0B706ED9201BF49EF@axcs13.cos.agilent.com>
From: vince_cavanna@agilent.com
To: Black_David@emc.com
Cc: ips@ece.cmu.edu, tom@arcot.com, vince_cavanna@agilent.com, pat_thaler@agilent.com, dave_sheehy@agilent.com
Subject: RE: IPS security draft: SRP groups
Date: Thu, 11 Jul 2002 20:07:53 -0600
Hi David,

I can't prove so, but Mathematica from Wolfram certifies as prime (in a matter of seconds) all five moduli specified in the iSCSI security draft for use in SRP! I used the PrimeQ built-in function. PrimeQ first tests for divisibility using small primes, then uses the Miller–Rabin strong pseudoprime test base 2 and base 3, and then uses a Lucas test. I have not explored the nature of these tests.

Vince

|-----Original Message-----
|From: Black_David@emc.com [mailto:Black_David@emc.com]
|Sent: Monday, July 08, 2002 7:34 AM
|To: tom@arcot.com
|Cc: ips@ece.cmu.edu
|Subject: RE: IPS security draft: SRP groups
|
|
|MANY THANKS -- Tom's earned his promised 30
|minutes of fame ... although those 30 minutes may come at
|the ipr BOF in Yokohama on Friday :-) :-).
|
|For the security draft, specifying one of the acceptable
|generators from Tom's lists for each of the IKE groups and
|noting that the primes from the SRP distribution were
|probabilistically generated should be sufficient ...
|but there's still 30 minutes of fame available for someone
|who tackles proving that the SRP primes are prime, as there
|is significant IETF interest in SRP outside of iSCSI - any takers?
|
|Thanks,
|--David
|
|> -----Original Message-----
|> From: Tom Wu [mailto:tom@arcot.com]
|> Sent: Monday, July 08, 2002 12:23 AM
|> To: Black_David@emc.com
|> Cc: ips@ece.cmu.edu
|> Subject: Re: IPS security draft: SRP groups
|>
|>
|> David,
|>
|> I'll tackle the SRP generator issue:
|>
|> For the Oakley Group 2 (1024 bit prime) defined in RFC2412:
|> Primitive roots (acceptable as SRP generators):
|> 5,11,13,19,29,31
|> Subgroup generators (NOT acceptable):
|> 2,3,7,17,23
|>
|> (MODP moduli taken from draft-ietf-ipsec-ike-modp-groups-04.txt)
|> For the 1536-bit MODP group:
|> Acceptable generators:
|> 31
|> NOT acceptable generators:
|> 2,3,5,7,11,13,17,19,23,29
|>
|> For the 2048-bit MODP group:
|> Acceptable generators:
|> 11,13,17,23,29,31
|> NOT acceptable generators:
|> 2,3,5,7,19
|>
|> For the 3072-bit MODP group:
|> Acceptable generators:
|> 5,7,17,23,31
|> NOT acceptable generators:
|> 2,3,11,13,19,29
|>
|> For the 4096-bit MODP group:
|> Acceptable generators:
|> 5,13,29,31
|> NOT acceptable generators:
|> 2,3,7,11,17,19,23
|>
|> For the 6144-bit MODP group:
|> Acceptable generators:
|> 5,11,13,17,23,29
|> NOT acceptable generators:
|> 2,3,7,19,31
|>
|> For the 8192-bit MODP group:
|> Acceptable generators:
|> 19,23,29,31
|> NOT acceptable generators:
|> 2,3,5,7,11,13,17
|>
|> All the above generators are in base 10 (decimal).
|>
|> As far as proving the primality of the SRP moduli, that should be done
|> by someone with more expertise in the area. I should point out that
|> those moduli are also "safe primes", i.e. both N and (N-1)/2 are prime,
|> so it is easy to find generators for them, and I chose numbers that had
|> 2 as safe SRP generators.
|>
|> Tom
|>
|> Black_David@emc.com wrote:
|> > Missed this earlier, sorry ...
|> >
|> >
|> >>Ok. I didn't know that but I probably would have learned it if I had
|> >>done the necessary reading about groups and generators. But the point
|> >>of my question wasn't "is it possible to compute g" but rather "how
|> >>about supplying g in the spec" (since the g=2 from IKE is not
|> >>appropriate). It seems a bit redundant for everyone to repeat the
|> >>search for a suitable g...
|> >>
|> >>So what's the story about unlisted groups? Is an implementation that
|> >>accepts only the groups listed in appendix A, but not any "locally
|> >>generated" ones, a compliant implementation?
|> >>
|> >
|> > Yes - accepting those groups and only those groups is the minimum
|> > (MUST) requirement. If the IKE groups are to remain allowed, we
|> > need to specify generators for their use with SRP - please consider
|> > this to be a serious *PLEA* for someone to volunteer to do the
|> > crypto-theoretic number crunching needed to find SRP generators for
|> > those groups and/or prove the primality of the SRP primes. Lack of
|> > progress here has the potential to hold up the security draft on
|> > which *all* of our protocol drafts depend (normative references).
|> > We can promise at least 30 minutes of fame (*twice* the proverbial
|> > 15 ;-) ) to those who resolve this issue ...
|> >
|> > Thanks,
|> > --David
|> > ---------------------------------------------------
|> > David L. Black, Senior Technologist
|> > EMC Corporation, 42 South St., Hopkinton, MA 01748
|> > +1 (508) 249-6449 FAX: +1 (508) 497-8018
|> > black_david@emc.com Mobile: +1 (978) 394-7754
|> > ---------------------------------------------------
|>
|>
|> --
|> Tom Wu
|> Principal Software Engineer
|> Arcot Systems
|> (408) 969-6124
|> "The Borg? Sounds Swedish..."
|>
|
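
The two checks discussed in this thread, as an added example that is not part of any message in it: a Miller-Rabin strong pseudoprime test for bases 2 and 3 (the Lucas step mentioned above is not implemented) and the primitive-root test for a safe prime N = 2q + 1. The modulus is the Oakley Group 2 prime from RFC 2412; all function names are illustrative.

```python
# Added example: probable-prime and SRP generator checks for a safe-prime modulus.
# 1024-bit Oakley Group 2 prime (RFC 2412), the first modulus in the quoted list.
OAKLEY_GROUP_2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31)

def strong_probable_prime(n, base):
    """Miller-Rabin: True if odd n > 2 is a strong probable prime to base."""
    d, s = n - 1, 0
    while d % 2 == 0:                 # write n - 1 = d * 2^s with d odd
        d, s = d // 2, s + 1
    x = pow(base, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):            # look for -1 among the repeated squares
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False

def probably_prime(n, bases=(2, 3)):
    """Trial division by small primes, then Miller-Rabin for each base."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    return all(strong_probable_prime(n, b) for b in bases)

def is_probable_safe_prime(n):
    """Both n and (n - 1) / 2 pass the probable-prime test (not a proof)."""
    return n > 5 and n % 2 == 1 and probably_prime(n) and probably_prime((n - 1) // 2)

def is_primitive_root(g, n):
    """For a safe prime n = 2q + 1 the order of g divides 2q, so g generates
    the whole group iff g^2 != 1 and g^q != 1 (mod n)."""
    q = (n - 1) // 2
    return g % n != 0 and pow(g, 2, n) != 1 and pow(g, q, n) != 1

def classify(n, candidates=SMALL_PRIMES):
    """Split candidates into (primitive roots, subgroup generators)."""
    ok = [g for g in candidates if is_primitive_root(g, n)]
    return ok, [g for g in candidates if g not in ok]

if __name__ == "__main__":
    print(is_probable_safe_prime(OAKLEY_GROUP_2), classify(OAKLEY_GROUP_2))
```

The output of `classify(OAKLEY_GROUP_2)` can be compared with the generator lists in the quoted message. Passing bases 2 and 3 is not a primality proof: the composite 1373653 passes both.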