Re: [TLS] MODP group modulus derivation [was: Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 12 March 2014 22:09 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>, "ietf-ssh@netbsd.org" <ietf-ssh@netbsd.org>
Date: Wed, 12 Mar 2014 22:08:55 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C737238AAAF@uxcn10-6.UoA.auckland.ac.nz>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/7WHR5rhFdOL2c2Hq1YQXwtmlfjU
Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

>It's not clear to me that there is any advantage in a DH key exchange to
>using the RFC 5114 discrete log groups.

There's actually an enormous disadvantage to using those groups: the RFC 3526
and earlier MODP groups set the generator to 2, which is quite efficient to
work with.  RFC 5114 uses a generator of the same size as the prime, which is
stunningly inefficient (I've referred to the 5114 groups as the "WTF groups" in
code in the past).  I have no idea why the RFC would choose such an awful
generator...

Peter.
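The following is an added example, not part of Gutmann's message and not code from any of the RFCs. It derives the RFC 2409 / RFC 3526 MODP moduli from the formula those RFCs publish (p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c), with the per-group constant c copied from the RFCs), cross-checks the 1024-bit and 2048-bit results against the hex printed in the RFCs, and confirms the property that makes g = 2 a sound generator for these groups: every MODP prime is a safe prime with p = 7 (mod 8), so 2 is a quadratic residue and generates the subgroup of prime order q = (p-1)/2. The `modexp_base2` routine shows the efficiency point concretely: with a generator of 2 the multiply step of square-and-multiply is a shift plus at most one subtraction, not a full modular multiplication. The Machin-formula pi routine, the 64 guard bits, the Miller-Rabin round count and all function names are the example's own choices.

```python
"""Added example (not from the post or from the RFCs): derive the RFC 2409 /
RFC 3526 MODP primes from the published formula and check why g = 2 works."""
import random

# p = 2^n - 2^(n-64) - 1 + 2^64 * ( floor(2^(n-130) * pi) + c ), with the
# per-group constant c as printed in RFC 2409 (1024) and RFC 3526 (1536, 2048).
MODP_GROUPS = {
    "group2_1024": (1024, 129093),
    "group5_1536": (1536, 741804),
    "group14_2048": (2048, 124476),
}
# Hex from the RFCs for two of the groups, used to cross-check the derivation.
REFERENCE_HEX = {
    "group2_1024": (
        "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
        "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
        "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
        "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"),
    "group14_2048": (
        "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
        "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
        "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
        "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 "
        "98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB "
        "9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B "
        "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 "
        "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"),
}


def _arctan_inv_scaled(x, prec_bits):
    """arctan(1/x) * 2^prec_bits (truncated), from the alternating series
    1/x - 1/(3x^3) + 1/(5x^5) - ..., using integer arithmetic only."""
    power = (1 << prec_bits) // x        # (1/x)^k scaled, k = 1
    total = power
    x_sq, k = x * x, 1
    while power:
        power //= x_sq
        k += 2
        term = power // k
        total = total - term if (k // 2) % 2 == 1 else total + term
    return total


def pi_floor(k, guard_bits=64):
    """floor(pi * 2^k) via Machin: pi = 16 atan(1/5) - 4 atan(1/239).
    The guard bits absorb the per-term truncation error of the series."""
    prec = k + guard_bits
    scaled = 16 * _arctan_inv_scaled(5, prec) - 4 * _arctan_inv_scaled(239, prec)
    return scaled >> guard_bits


def modp_prime(n, c):
    """The RFC 2409 / RFC 3526 construction for an n-bit MODP prime."""
    return (1 << n) - (1 << (n - 64)) - 1 + (1 << 64) * (pi_floor(n - 130) + c)


def is_probable_prime(n, rounds=5):
    """Miller-Rabin with random bases; enough to confirm a published prime."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(name):
    """Derive the group's prime and report what makes g = 2 sound: p and
    q = (p-1)/2 are prime and p = 7 mod 8, so 2 is a quadratic residue and
    has order exactly q.  matches_rfc_hex is None when no reference is held."""
    n, c = MODP_GROUPS[name]
    p = modp_prime(n, c)
    q = (p - 1) // 2
    ref = REFERENCE_HEX.get(name)
    return {
        "bits": p.bit_length(),
        "p_mod_8": p % 8,
        "p_prime": is_probable_prime(p),
        "q_prime": is_probable_prime(q),
        "g2_order_q": pow(2, q, p) == 1,
        "matches_rfc_hex": None if ref is None else p == int(ref.replace(" ", ""), 16),
    }


def modexp_base2(e, p):
    """Left-to-right square-and-multiply for base 2: the 'multiply' step is a
    shift and at most one subtraction, never a full modular multiplication."""
    result = 1
    for bit in bin(e)[2:]:
        result = (result * result) % p   # squaring costs the same for any base
        if bit == "1":
            result <<= 1                 # times 2: result < p, so 2*result < 2p
            if result >= p:
                result -= p
    return result


if __name__ == "__main__":
    for group in MODP_GROUPS:
        print(group, check_group(group))
```

Running the module prints one line per group; for the two groups with a reference, `matches_rfc_hex` is `True`, and every group shows `p_mod_8` of 7 with `g2_order_q` set, which is the whole reason the MODP groups can use the cheap generator 2. A generator the size of the prime, as the message says RFC 5114 uses, loses the shift-only multiply step in `modexp_base2` and pays a full modular multiplication per set exponent bit instead.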