[erlang-questions] SSL and hardcoded DH prime
Hans Nilsson R
hans.r.nilsson@REDACTED
Fri Aug 24 11:35:46 CEST 2018
Check the ssh-keygen command with -G and -T
https://man.openbsd.org/ssh-keygen#MODULI_GENERATION
or try the Erlang/OTP function public_key:dh_gex_group/4 which randomly selects a good prime from a pre-generated list of such:
1> public_key:dh_gex_group(1024, 1024, 1024, undefined).
{ok,{1023,
{5,
137423569441246262992289626302405506810075372518201635033473127540045433614984773406065519964899878780586235832348933590594300290793347611716697640359482924853366011641117770719027755146909495326369377183195861495553717174988136205384838926110458474346294939275424613035724229598089601829380531182016066518343}}}
2> public_key:dh_gex_group(1024, 1024, 1024, undefined).
{ok,{1023,
{2,
137423569441246262992289626302405506810075372518201635033473127540045433614984773406065519964899878780586235832348933590594300290793347611716697640359482924853366011641117770719027755146909495326369377183195861495553717174988136205384838926110458474346294939275424613035724229598089601829380531182016051761379}}}
3>
/Hans
On 08/24/2018 10:52 AM, Alexander Petrovsky wrote:
> Oh, thanks, I don't know about that, it's very helpful.
>
> пт, 24 авг. 2018 г. в 11:41, Hans Nilsson R <hans.r.nilsson@REDACTED>:
>
>> Hi!
>>
>> You can't just grab any prime and use it in DH. Any prime will work, but
>> very
>> few primes are safe to use. And to find a safe prime is a slow process...
>>
>> Only one out of 400000 1024-bits primes are safe according to
>>
>>
>> https://security.stackexchange.com/questions/5263/where-do-i-get-prime-numbers-for-diffie-hellman-can-i-use-them-twice
>>
>> /Hans
>>
>> On 08/23/2018 04:57 PM, Alexander Petrovsky wrote:
>>> Hello!
>>>
>>> We have stumble upon default DH prime (2048 bits) in Erlang when we try
>> to
>>> establish TLS session with cisco spa303 (VoIP hardphone)
>>> via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite.
>> Unfortunately,
>>> this hardphone can work only with 1024 bit DH prime.
>>>
>>> I wonder, why Ingela hardcoded this DH prime -
>>>
>> https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
>>>
>>> In my synthetical tests, new DH prime generation is fast enough
>>> (crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
>>> iterations.
>>>
>>> Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
>>> generate DH prime in real-time?
>>>
>>>
>>>
>>> _______________________________________________
>>> erlang-questions mailing list
>>> erlang-questions@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4161 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180824/75778f10/attachment.bin>
More information about the erlang-questions
mailing list