Cryptography-Digest Digest #459

Sat, 24 Apr 1999 09:21:06 -0700 

Cryptography-Digest Digest #459, Volume #9       Sat, 24 Apr 99 13:13:04 EDT

Contents:
  Re: password pattern recognition ("chris G�nther")
  Re: choosing g in DH (David P Jablon)
  Re: choosing g in DH (David P Jablon)
  Re: choosing g in DH (David P Jablon)
  Re: choosing g in DH (David P Jablon)

----------------------------------------------------------------------------

From: "chris G�nther" <[EMAIL PROTECTED]>
Subject: Re: password pattern recognition
Date: Sat, 24 Apr 1999 17:35:38 +0200

OK,

atached to this file you find the stored procedure which generates the
passwords, but I feel I have to explain some things about it in advance:
This is not an encryption thing or so, it's just a collection of
SQL-Commands which gets some numbers and some characters (the characters
come out of a table within my SQL-Server) and concatinates them together to
an unique password which is used for the first login of a user.

The SQL-File attached is an ASCII (or pro�ably an UUENCODE) Text-File which
can be opened in any editor. It is propably best viewed with an Editor which
understands SQL-Commands and Syntax like UEdit32.

But anyway I'm very glad that you are willing to look over it. If you have
any questions or comments about the sql-commands used within it feel free to
mail me.

thanks alot for the possibility to post this here.
    chris



begin 666 XprcCrtIUserPasswd.sql
M+RH@36EC<F]S;V9T(%-13"!397)V97(@+2!3:W)I<'0M17)S=&5L;'5N9PD)
M"2HO#0HO*B!397)V97(Z(%A?2$]%4DY#2$5."0D)*B\-"B\J($1A=&5N8F%N
M:SH@=FED96]D90D)"2HO#0HO*B!%<G-T96QL=6YG<V1A='5M(#(T+C T+CDY
M(#$W.C,P.C,W( D)"2HO#0H-"B\J*BHJ*BH@3V)J96MT.B @4F5G96P@9&)O
M+G)U;&5&3TX@(" @4VMR:7!T9&%T=6TZ(#(T+C T+CDY(#$W.C,P.C,Y("HJ
M*BHJ*B\-"D-214%412!254Q%(')U;&5&3TX@05,@0$9/3B!,24M%("<E6S M
M.2PM+"\L(%TG#0H-"D=/#0H-"B\J*BHJ*BH@3V)J96MT.B @4F5G96P@9&)O
M+G)U;&5::7!#;V1E(" @(%-K<FEP=&1A='5M.B R-"XP-"XY.2 Q-SHS,#HS
M.2 J*BHJ*BHO#0I#4D5!5$4@4E5,12!R=6QE6FEP0V]D92!!4R! 6FEP0V]D
M92!,24M%("<E6S M.5TG#0H-"D=/#0H-"B\J*BHJ*BH@3V)J96MT.B @0F5N
M=71Z97)D871E;G1Y<"!U9&1T1D].(" @(%-K<FEP=&1A='5M.B R-"XP-"XY
M.2 Q-SHS,#HS.2 J*BHJ*BHO#0IS971U<V5R("=D8F\G#0I'3PT*#0I%6$5#
M('-P7V%D9'1Y<&4@)W5D9'1&3TXG+" G8VAA<B H,S I)RP@)VYU;&PG#0I'
M3PT*#0IS971U<V5R#0I'3PT*#0IS971U<V5R("=D8F\G#0I'3PT*#0I%6$5#
M('-P7V)I;F1R=6QE("=D8F\N<G5L949/3B<L("=U9&1T1D].)PT*1T\-"@T*
M<V5T=7-E<@T*1T\-"@T*+RHJ*BHJ*B!/8FIE:W0Z("!"96YU='IE<F1A=&5N
M='EP('5D9'1::7!#;V1E(" @(%-K<FEP=&1A='5M.B R-"XP-"XY.2 Q-SHS
M,#HS.2 J*BHJ*BHO#0IS971U<V5R("=D8F\G#0I'3PT*#0I%6$5#('-P7V%D
M9'1Y<&4@)W5D9'1::7!#;V1E)RP@)V-H87(@*#4I)RP@)VYU;&PG#0I'3PT*
M#0IS971U<V5R#0I'3PT*#0IS971U<V5R("=D8F\G#0I'3PT*#0I%6$5#('-P
M7V)I;F1R=6QE("=D8F\N<G5L95II<$-O9&4G+" G=61D=%II<$-O9&4G#0I'
M3PT*#0IS971U<V5R#0I'3PT*#0HO*BHJ*BHJ($]B:F5K=#H@(%1A8F5L;&4@
M9&)O+G1B;$E5<V5R(" @(%-K<FEP=&1A='5M.B R-"XP-"XY.2 Q-SHS,#HS
M.2 J*BHJ*BHO#0I#4D5!5$4@5$%"3$4@9&)O+G1B;$E5<V5R("@-"@E02V5Y
M(&EN="!)1$5.5$E462 H,2P@,2D@3D]4($Y53$P@+ T*"4E5<V5R3DYA;64@
M=F%R8VAA<B H,S I($Y/5"!.54Q,("P-"@E)57-E<E9.86UE('9A<F-H87(@
M*#,P*2!.3U0@3E5,3" L#0H)255S97).:6-K;F%M92!V87)C:&%R("@S,"D@
M3D]4($Y53$P@+ T*"4E5<V5R3&]G:6X@=F%R8VAA<B H-#(I($Y53$P@+ T*
M"4E5<V5R3&]G:6Y3=69F:7@@:6YT($Y53$P@0T].4U1204E.5"!$1E]T8FQ)
M57-E<E])57-E<DQO9VEN4W5F9FEX($1%1D%53%0@*&-O;G9E<G0H:6YT+# I
M*2P-"@E)57-E<E!A<W-W9"!V87)C:&%R("@X*2!.3U0@3E5,3" L#0H)255S
M97)'96YD97(@8FET($Y/5"!.54Q,($-/3E-44D%)3E0@1$9?=&)L255S97)?
M255S97)'96YD97(@1$5&055,5" H8V]N=F5R="AB:70L,2DI+ T*"4E5<V5R
M0D1A>2!D871E=&EM92!.54Q,("P-"@E)57-E<D1E<V,@=&5X="!.54Q,("P-
M"@E)57-E<D-O=6YT<GD@<VUA;&QI;G0@3E5,3" L#0H)255S97)296=I;VX@
M=F%R8VAA<B H,S I($Y53$P@+ T*"4E5<V5R4W1R965T('9A<F-H87(@*#$P
M,"D@3E5,3" L#0H)255S97)$95II<$-O9&4@=61D=%II<$-O9&4@3E5,3" L
M#0H)255S97)/8UII<$-O9&4@=F%R8VAA<B H,3 I($Y53$P@+ T*"4E5<V5R
M5&]W;B!V87)C:&%R("@Q,# I($Y53$P@+ T*"4E5<V5R1D].('5D9'1&3TX@
M3E5,3" L#0H)255S97)&87@@=61D=$9/3B!.54Q,("P-"@E)57-E<DUO8FEL
M('5D9'1&3TX@3E5,3" L#0H)255S97))0U$@=F%R8VAA<B H,C I($Y53$P@
M+ T*"4E5<V5R16UA:6P@=F%R8VAA<B H,34P*2!.54Q,("P-"@E)57-E<DA4
M5% @=F%R8VAA<B H,C P*2!.54Q,("P-"@E)57-E<E)E8V]G4WES=&5M(&-H
M87(@*#$I($Y/5"!.54Q,($-/3E-44D%)3E0@1$9?=&)L255S97)?255S97)2
M96-O9U-Y<W1E;2!$149!54Q4("AC;VYV97)T*&-H87(L)W$G*2DL#0H)255S
M97)0<F]C240@:6YT($Y/5"!.54Q,("P-"@E)57-E<E%U97-T:6]N('9A<F-H
M87(@*#$P,"D@3E5,3"!#3TY35%)!24Y4($1&7W1B;$E5<V5R7TE5<V5R475E
M<W1I;VX@1$5&055,5" H8V]N=F5R="AV87)C:&%R+"=7:64@=V%R(&1E<B!-
MA&1C:&5N;F%M92!):')E<B!-=71T97(G*2DL#0H)255397)!;G-W97(@=F%R
M8VAA<B H,3 P*2!.54Q,("P-"@E)57-E<D9I<G-T3&]G:6X@8FET($Y/5"!.
M54Q,($-/3E-44D%)3E0@1$9?=&)L255S97)?255S97)&:7)S=$QO9VEN($1%
M1D%53%0@*&-O;G9E<G0H8FET+#$I*2P-"@E)1%,@8FET($Y/5"!.54Q,($-/
M3E-44D%)3E0@1$9?=&)L255S97)?2413($1%1D%53%0@*&-O;G9E<G0H8FET
M+#$I*2P-"@E)57-E<DQA<W15<&1A=&4@9&%T971I;64@3E5,3" L#0H)255S
M97),87-T57!D871E57-E<B!C:&%R("@S*2!.54Q,("P-"@E)57-E<D-R96%T
M:6]N1&%T92!D871E=&EM92!.54Q,("P-"@E)57-E<D-R96%T:6]N57-E<B!C
M:&%R("@S*2!.54Q,("P-"@E)57-E<E1I;653=&%M<"!T:6UE<W1A;7 @3D]4
M($Y53$P@+ T*"4-/3E-44D%)3E0@<&M?255S97)?2V5Y(%!224U!4ED@2T59
M("!#3%535$52140@#0H)* T*"0E02V5Y#0H)*0T**0T*1T\-"@T*($-214%4
M12 @24Y$15@@:7A?255S97)?4&%S<W=D($].(&1B;RYT8FQ)57-E<BA)57-E
M<E!A<W-W9"D-"D=/#0H-"G-E='5S97(@)V1B;R<-"D=/#0H-"D5814,@<W!?
M8FEN9')U;&4@)V1B;RYR=6QE6FEP0V]D92<L("=T8FQ)57-E<BY)57-E<D1E
M6FEP0V]D92<-"D=/#0H-"D5814,@<W!?8FEN9')U;&4@)V1B;RYR=6QE1D].
M)RP@)W1B;$E5<V5R+DE5<V5R1F%X)PT*1T\-"@T*15A%0R!S<%]B:6YD<G5L
M92 G9&)O+G)U;&5&3TXG+" G=&)L255S97(N255S97)&3TXG#0I'3PT*#0I%
M6$5#('-P7V)I;F1R=6QE("=D8F\N<G5L949/3B<L("=T8FQ)57-E<BY)57-E
M<DUO8FEL)PT*1T\-"@T*<V5T=7-E<@T*1T\-"@T*+RHJ*BHJ*B!/8FIE:W0Z
M("!486)E;&QE(&1B;RYT8FQ087-S=V0@(" @4VMR:7!T9&%T=6TZ(#(T+C T
M+CDY(#$W.C,P.C,Y("HJ*BHJ*B\-"D-214%412!404),12!D8F\N=&)L4&%S
M<W=D("@-"@E02V5Y(&EN="!)1$5.5$E462 H,2P@,2D@3D]4($Y53$P@+ T*
M"5!A<W-W;W)D('9A<F-H87(@*#$P*2!.3U0@3E5,3" L#0H)26Y5<V4@8FET
M($Y/5"!.54Q,($-/3E-44D%)3E0@1$9?=&)L4&%S<W=D7TEN57-E($1%1D%5
M3%0@*&-O;G9E<G0H8FET+# I*2P-"@E0<F]C240@=F%R8VAA<B H,3(I($Y5
M3$P@+ T*"51I;653=&%M<"!T:6UE<W1A;7 @3D]4($Y53$P@+ T*"4-R96%T
M:6]N1&%T92!D871E=&EM92!.3U0@3E5,3"!#3TY35%)!24Y4($1&7W1B;%!A
M<W-W9%]#<F5A=&EO;D1A=&4@1$5&055,5" H9V5T9&%T92@I*2P-"@E#3TY3
M5%)!24Y4('!K7U!A<W-W9%]02V5Y(%!224U!4ED@2T59("!.3TY#3%535$52
M140@#0H)* T*"0E02V5Y#0H)*0T**0T*1T\-"@T*($-214%412 @0TQ54U1%
M4D5$("!)3D1%6"!I>%]087-S=V1?4&%S<W=D($].(&1B;RYT8FQ087-S=V0H
M4&%S<W=O<F0I(%=)5$@@($%,3$]77T154%]23U<@#0I'3PT*#0HO*BHJ*BHJ
M($]B:F5K=#H@(%1A8F5L;&4@9&)O+G1B;%=O<G1S86QA:&0@(" @4VMR:7!T
M9&%T=6TZ(#(T+C T+CDY(#$W.C,P.C,Y("HJ*BHJ*B\-"D-214%412!404),
M12!D8F\N=&)L5V]R='-A;&%H9" H#0H)4$ME>2!T:6YY:6YT($E$14Y42519
M("@Q+" Q*2!.3U0@3E5,3" L#0H)0V]N=&5N="!V87)C:&%R("@X,RD@3D]4
M($Y53$P@+ T*"4E$4R!B:70@3D]4($Y53$P@0T].4U1204E.5"!$1E]T8FQ7
M;W)T<V%L86AD7TE$4R!$149!54Q4("AC;VYV97)T*&)I="PQ*2DL#0H)5&EM
M95-T86UP('1I;65S=&%M<"!.3U0@3E5,3" L#0H)0T].4U1204E.5"!P:U]7
M;W)T<V%L86AD7U!+97D@4%))34%262!+15D@($-,55-415)%1" -"@DH#0H)
M"5!+97D-"@DI#0HI#0I'3PT*#0H@0U)%051%("!)3D1%6"!I>%]7;W)T<V%L
M86AD7U!+97D@3TX@9&)O+G1B;%=O<G1S86QA:&0H4$ME>2D-"D=/#0H-"B\J
M*BHJ*BH@3V)J96MT.B @1V5S<&5I8VAE<G1E(%!R;WIE9'5R(&1B;RY8<')C
M0W)T255S97)087-S=V0@(" @4VMR:7!T9&%T=6TZ(#(T+C T+CDY(#$W.C,P
M.C,Y("HJ*BHJ*B\-"B\J("TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2HO#0HO*B!0<F]C961U
M<F4Z(%AP<F-#<G1)57-E<E!A<W-W9 D)"0D)*B\-"B\J($-R96%T97,@82!U
M;FEQ=64@4&%S<W=O<F0@9F]R(&%N($E5<V5R"0D)"2HO#0HO*@D)"0D)"0D)
M"2HO#0HO*B!P87)A;65T97(Z(&XO80D)"0D)"0DJ+PT*+RH)"0D)"0D)"0DJ
M+PT*+RH@=F%R:6%B;&5S.@E 255S97)02V5Y"0D]('!R:6UA<GD@:V5Y(&]F
M(&EU<V5R"2HO#0HO*@D)"0D)"0D)"2HO#0HO*B M+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TJ
M+PT*0W)E871E(%!R;V-E9'5R92!8<')C0W)T255S97)087-S=V0-"@DH#0H)
M"4!I=7-E<G!K97D)"6EN= D](# -"@DI#0H-"D%S#0H-"@D)1$5#3$%212! 
M8V]U;G1E<@EI;G0)"2TM('J$:&QE<@T*"0E$14-,05)%($!V87)C;W5N= EV
M87)C:&%R*#$R*0DM+2!W97)T('9O;B! 8V]U;G1E<B!A;',@=F%R8VAA<@D-
M"@D)1$5#3$%212! <F5C;W)D<V5T"6EN= D)+2T@9&5R(&=E<F%D92!E<GIE
M=6=T92!P<FEM87)Y(&ME>0T*"0E$14-,05)%($!D871E"0ED871E=&EM90DM
M+2!H975T:6=E<R!$871U;0T*#0H)"41%0TQ!4D4@0'!A<W-W9 EV87)C:&%R
M*#@I"2TM(&1A<R!F97)T:6=E('!A<W-W;W)T#0H)"41%0TQ!4D4@0&)S=#$)
M"6-H87(H,2D)+2T@8G5C:'-T86)E(#$@875S('=O<G1S86QA:&0-"@D)1$5#
M3$%212! 8G-T,@D)8VAA<B@Q*0DM+2!B=6-H<W1A8F4@,B!A=7,@=V]R='-A
M;&%H9 T*"0E$14-,05)%($!B<W0S"0EC:&%R*#$I"2TM(&)U8VAS=&%B92 S
M(&%U<R!W;W)T<V%L86AD#0H)"41%0TQ!4D4@0&1E<FEV870):6YT"0DM+2!E
M<F=E8FYI<R!D97(@8F5R96-H;G5N9PT*"0E$14-,05)%($!D97)I=GIW<PEV
M87)C:&%R*#4I"2TM('IW:7-C:&5N<W!E:6-H97)U;F<@9&5S(&1E<FEV871S
M#0T*"0E$14-,05)%($!D97)I=C$)=F%R8VAA<B@T*0DM+2!T96EL<W1R:6YG
M(#$@9&5R(&UA=&AE;6%T:7-C:&5N(&)E<F5C:&YU;F<@=F]N(&1E<FEV870-
M"@D)1$5#3$%212! 9&5R:78R"79A<F-H87(H-"D)+2T@=&5I;'-T<FEN9R R
M(&1E<B!M871H96UA=&ES8VAE;B!B97)E8VAN=6YG('9O;B!D97)I=F%T#0H)
M"41%0TQ!4D4@0&ME>0D):6YT"0DM+2!K97D@9&5S('=O<G1S86QA:&0M9&%T
M96YS871Z97,-"@D)1$5#3$%212! =V]R='-A;&%H9 EC:&%R*#@S*0DM+2!W
M:64@9&5R(&YA;64@<V-H;VX@<V%G= T*"0D-"E-%3$5#5"! 9&%T92 ](&=E
M=$1A=&4H*0T*#0I"14=)3B!44D%.('1R;D-R=%!A<W-W9 T*+RH@9FEL;',@
M=&AE('9A<FEA8FQE<R J+PT*9FEL;%]V87)S.@T*0D5'24X-"@DO*B!S96QE
M8W1S(&1E;B!P<FEM87)Y(&ME>2!F@7(@=V]R='-A;&%H9" J+PT*"5-%3$5#
M5"! :V5Y(#T@*"@H8V]N=F5R="AI;G0L(&1A=&5P87)T*&UI;&QI<V5C;VYD
M+"!G971D871E*"DI*2D@+R Q,# @*2 K(#$I#0H)"0T*"2\J(&:!;&QT(&1I
M92!V87)I86)L92!W;W)T<V%L86AD(&%U<R!D97(@=&)L5V]R='-A;&%H9" J
M+PT*"5-%3$5#5"! =V]R='-A;&%H9" ]( T*"0D)*%-%3$5#5"!#3TY414Y4
M(&9R;VT@=&)L5V]R='-A;&%H9" -"@D)"0EW:&5R92!02V5Y(#T@0&ME>0T*
M"0D)*0T*"0D-"@DO*B!F@6QL="!D:64@=F%R:6%B;&5N(&)S=%LQ("T@,UT@
M;6ET('=E<G1E;B!A=7,@=V]R='-A;&%H9" J+PT*"5-%3$5#5"! 8G-T,2 ]
M(%-50E-44DE.1R H($!W;W)T<V%L86AD+" H8V]N=F5R="AI;G0L(&1A=&5P
M87)T*'-E8V]N9"P@9V5T9&%T92@I*2DI+" Q("D-"@E314Q%0U0@0&)S=#(@
M/2!354)35%))3D<@*"! =V]R='-A;&%H9"P@*" H8V]N=F5R="AI;G0L(&1A
M=&5P87)T*'-E8V]N9"P@9V5T9&%T92@I*2DI("L@*"@H8V]N=F5R="AI;G0L
M(&1A=&5P87)T*'-E8V]N9"P@9V5T9&%T92@I*2DI*S$I("\@,RD@*2P@,2 I
M#0H)4T5,14-4($!B<W0S(#T@4U5"4U1224Y'("@@0'=O<G1S86QA:&0L("@@
M*&-O;G9E<G0H:6YT+"!D871E<&%R="AS96-O;F0L(&=E=&1A=&4H*2DI*2 K
M("AC;VYV97)T*&EN="P@9&%T97!A<G0H;6]N=&@L(&=E=&1A=&4H*2DI*2 I
M+" Q("D-"@D)#0H)+RH@8W)E871E<R! 9&5R:79A="!F<F]M('-E8V]N9" J
M(&UI;&QI<V5C;VYD("H@;6EL;&ES96-O;F0@*B\-"@E314Q%0U0@0&1E<FEV
M870)"3T@*"AC;VYV97)T*&EN="P@9&%T97!A<G0H<V5C;VYD+"!G971D871E
M*"DI*2D@*B H8V]N=F5R="AI;G0L(&1A=&5P87)T*&UI;&QI<V5C;VYD+"!G
M971D871E*"DI*2DI("H@*&-O;G9E<G0H:6YT+"!D871E<&%R="AM:6QL:7-E
M8V]N9"P@9V5T9&%T92@I*2DI#0H)"0T*"2\J(&-O;G9E<G1S($!D97)I=F%T
M(&EN=&\@=F%R8VAA<B J+R -"@E314Q%0U0@0&1E<FEV>G=S"3T@*&-O;G9E
M<G0H=F%R8VAA<BP@0&1E<FEV870I*0T*"0D-"@DO*B!S96QE8W1S(&1E;B!P
M<FEM87)Y(&ME>2!F@7(@<&EE8V5M86ME<B J+PT*"5-%3$5#5"! :V5Y(#T@
M*"@H8V]N=F5R="AI;G0L(&1A=&5P87)T*&UI;&QI<V5C;VYD+"!G971D871E
M*"DI*2D@+R R-3 @*2 K(#$I#0H)"0T*"2\J(&%N9"!C=71S(&ET(&EN('1W
M;R!P:65C97,@*B\-"@E314Q%0U0@0&1E<FEV,0D)/2!354)35%))3D<@*"! 
M9&5R:79Z=W,L(#$L($!K97D@*0T*"5-%3$5#5"! 9&5R:78R"0D](%-50E-4
M4DE.1R H($!D97)I=GIW<RP@,2 K($!K97DL(#4@+2! :V5Y("D-"D5.1 T*
M#0HO*B!C<F5A=&5S('1H92!P87-S=V]R9" J+PT*8W)T7W!A<W,Z#0I"14=)
M3@T*"2\J(&-R96%T97,@0'!A<W-W9"!F<F]M($!D97)I=F%T("HO#0H)4T5,
M14-4($!K97D@/2 H*"AC;VYV97)T*&EN="P@9&%T97!A<G0H;6EL;&ES96-O
M;F0L(&=E=&1A=&4H*2DI*2 O(#$Q,2 I("L@,2D-"@D)#0H)248@0&ME>2 ]
M(#$-"@D)0D5'24X-"@D)"5-%3$5#5"! <&%S<W=D"0D]($!B<W0Q("L@0&1E
M<FEV,2 K($!B<W0R("L@0&1E<FEV,B K($!B<W0S#0H)"45.1 T*"4E&($!K
M97D@/2 R#0H)"4)%1TE.#0H)"0E314Q%0U0@0'!A<W-W9 D)/2! 9&5R:78Q
M("L@0&)S=#(@*R! 9&5R:78R("L@0&)S=#,@*R! 8G-T,0T*"0E%3D0-"@E)
M1B! :V5Y(#T@,PT*"0E"14=)3@T*"0D)4T5,14-4($!P87-S=V0)"3T@0&)S
M=#(@*R! 9&5R:78R("L@0&)S=#,@*R! 8G-T,2 K($!D97)I=C$-"@D)14Y$
M#0H)248@0&ME>2 ](#0-"@D)0D5'24X-"@D)"5-%3$5#5"! <&%S<W=D"0D]
M($!D97)I=C(@*R! 8G-T,R K($!B<W0Q("L@0&1E<FEV,2 K($!B<W0R#0H)
M"45.1 T*"4E&($!K97D@/2 U#0H)"4)%1TE.#0H)"0E314Q%0U0@0'!A<W-W
M9 D)/2! 8G-T,R K($!B<W0Q("L@0&1E<FEV,2 K($!B<W0R("L@0&1E<FEV
M,@T*"0E%3D0-"@E)1B! :V5Y(#T@-@T*"0E"14=)3@T*"0D)4T5,14-4($!P
M87-S=V0)"3T@0&1E<FEV,B K($!D97)I=C$@*R! 8G-T,2 K($!B<W0R("L@
M0&)S=#,-"@D)14Y$#0H)248@0&ME>2 ](#<-"@D)0D5'24X-"@D)"5-%3$5#
M5"! <&%S<W=D"0D]($!B<W0S("L@0&)S=#(@*R! 8G-T,2 K($!D97)I=C$@
M*R! 9&5R:78R#0H)"45.1 T*"4E&($!K97D@/2 X#0H)"4)%1TE.#0H)"0E3
M14Q%0U0@0'!A<W-W9 D)/2! 8G-T,B K($!D97)I=C(@*R! 9&5R:78Q("L@
M0&)S=#$@*R! 8G-T,PT*"0E%3D0-"@E)1B! :V5Y(#[email protected]*"0E"14=)3@T*
M"0D)4T5,14-4($!P87-S=V0)"3T@0&)S=#(@*R! 8G-T,2 K($!D97)I=C$@
M*R! 9&5R:78R("L@0&)S=#,-"@D)14Y$#0I%3D0-"@T*+RH@8VAE8VMS('1H
M92!C<F5A=&5D('!A<W-W;W)D("HO#0IC:&M?<&%S<SH-"D)%1TE."0T*"0T*
M"2\J(&-H96-K<R!T:&4@;&5N9W1H(&]F('1H92!P87-S=V0@*B\-"@EC:&M?
M<&%S<U]L96XZ#0H)248@0'!A<W-W9"!,24M%("@G7U]?7U]?7U\G*0DM+2!F
M;W)M97)L>2!K;F]W;B!A<SH@6V$M>BQ!+5HL,"TY75MA+7HL02U:+# M.5U;
M82UZ+$$M6BPP+3E=6V$M>BQ!+5HL,"TY75MA+7HL02U:+# M.5U;82UZ+$$M
M6BPP+3E=6V$M>BQ!+5HL,"TY75MA+7HL02U:+# M.5T-"@D)0D5'24X-"@D)
M+RH@;&5N9W1H($]+("HO#0H)"4=/5$\@8VAK7W!A<W-?9&]U8FQE#0H)"45.
M1 T*"45,4T4-"@D)0D5'24X-"@D)"7!R:6YT("<K*RL@=&]O('-H;W)T(#HM
M*" K*RLG#0H)"4=/5$\@9FEL;%]V87)S#0H)"45.1 T*"0T*"2\J(&-H96-K
M<R!F;W(@9&]U8FQE='1E<R J+PD-"@EC:&M?<&%S<U]D;W5B;&4Z#0H)<')I
M;G0@)R J*BH@;&5N9W1H(&]K(#HM*2 J*BHG#0H)"41%0TQ!4D4@0&1O=6)L
M93$@8VAA<B@Q*0DM+2!E<G-T97,@>F5I8VAE;@T*"0E$14-,05)%($!D;W5B
M;&4R(&-H87(H,2D)+2T@>G=E:71E<R!Z96EC:&5N#0H)"41%0TQ!4D4@0&1C
M;W5N=&5R('1I;GEI;G0)+2T@<&]S:71I;VYS>H1H;&5R#0H)"0T*"2\J('-E
M=',@9&-O=6YT97(@=&\@<&]S:71I;VX@,B J+PT*"5-%3$5#5"! 9&-O=6YT
M97(@/2 R#0H)"0T*"2\J(&-H96-K<R!F;W(@9&]U8FQE='1E<R J+PT*"5=(
M24Q%("A314Q%0U0@0&1C;W5N=&5R*2 \/2 X#0H)"4)%1TE.#0H)"0E314Q%
M0U0@0&1O=6)L93$@/2!354)35%))3D<@*$!P87-S=V0L("A 9&-O=6YT97(@
M+3$I+" Q*0T*"0D)4T5,14-4($!D;W5B;&4R(#T@4U5"4U1224Y'("A <&%S
M<W=D+" H0&1C;W5N=&5R*2P@,2D-"@D)"0D-"@D)"0E)1B! 9&]U8FQE,2 ]
M($!D;W5B;&4R#0H)"0D)"4)%1TE.#0H)"0D)"0EP<FEN=" G*RLK(&1O=6)L
M971T92 Z+2@@*RLK)PT*"0D)"0EG;W1O(&9I;&Q?=F%R<PT*"0D)"0E%3D0-
M"@D)"0E%3%-%#0H)"0D)"4)%1TE.#0H)"0D)"0E314Q%0U0@0&1C;W5N=&5R
M(#T@0&1C;W5N=&5R("LQ#0H)"0D)"45.1 T*"0D)14Y$#0H)"7!R:6YT("<@
M*BHJ(&YO(&1O=6)L971T92 Z+2D@*BHJ)PT*"0EG;W1O(&-H:U]P87-S7V5X
M:7-T#0H)"0T*"2\J(&-H96-K<R!I9B!T:&4@<&%S<W=O<F0@86QR96%D>2!E
M>&ES=',@*B\-"@EC:&M?<&%S<U]E>&ES=#H-"@E)1B!%6$E35%,@#0H)"2A3
M14Q%0U0@4&%S<W=O<F0@9G)O;2!T8FQ087-S=V0@*$E.1$58(#T@:7A?4&%S
M<W=D7U!A<W-W9"D-"@D)"7=H97)E( T*"0D)"2@-"@D)"0E087-S=V]R9" ]
M($!P87-S=V0-"@D)"0DI#0H)"2D-"@D)0D5'24X-"@D)"7!R:6YT("<K*RL@
M<&%S<W=O<F0@97AI<W1S(#HM*" K*RLG#0H)"0EG;W1O(&9I;&Q?=F%R<PT*
M"0E%3D0-"@E%3%-%#0H)#0H)"2\J('!A<W-W;W)D('=I<F0@9V5N97)I97)T
M("HO#0H)"4)%1TE.(%1204X@=')N26YS4&%S<W=D#0H)"0E)3E-%4E0@24Y4
M3R!T8FQ087-S=V0-"@D)"0D)* T*"0D)"0E087-S=V]R9"P-"@D)"0D)4')O
M8TE$+ T*"0D)"0E#<F5A=&EO;D1A=&4-"@D)"0D)*0T*"0D)"59!3%5%4PT*
M"0D)"0DH#0H)"0D)"4!P87-S=V0L#0H)"0D)"2AC;VYV97)T*'9A<F-H87(L
M($! 4')O8TE$*2DL#0H)"0D)"4!D871E#0H)"0D)"2D-"@D)"7!R:6YT("<G
M#0H)"0EP<FEN=" G("HK*BLJ('5N:7%U92!P87-S=V]R9"!G96YE<F%T960@
M*BLJ*RHG#0H)"0E)1B!.3U0@0$E5<V5R4$ME>2 ](# -"@D)"4)%1TE.#0H)
M"0D)55!$051%('1B;$E5<V5R#0H)"0D)"5-%5"!)57-E<E!A<W-W9" ]($!P
M87-S=V0-"@D)"0D)5TA%4D4@4$ME>2 ]($!I=7-E<G!K97D-"@D)"7!R:6YT
M("<M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2TM
M+2TM+2TM+2TM+2TM+2TM+2TM+2TM+2<-"@D)"45.1 T*"0E#3TU-250@5%)!
M3@T*14Y$#0I#3TU-250@5%)!3@T*1T\-"@T*+RHJ*BHJ*B!/8FIE:W0Z("!4
M<FEG9V5R(&1B;RYT<F=5<&1)57-E<B @("!3:W)I<'1D871U;3H@,C0N,#0N
M.3D@,3<Z,S Z,SD@*BHJ*BHJ+PT*0U)%051%(%1224='15(@=')G57!D255S
M97(@3TX@9&)O+G1B;$E5<V5R#0I&3U(@55!$051%#0I!4PT*#0H@($E&($Y/
M5"!54$1!5$4H255S97)#<F5A=&EO;D1A=&4I($]2($Y/5"!54$1!5$4H255S
M97)#<F5A=&EO;E5S97(I#0H@(" @55!$051%('1B;$E5<V5R#0H@(" @("!3
M150@255S97),87-T57!D871E(#T@1V5T1&%T92@I+"!)57-E<DQA<W15<&1A
M=&55<V5R(#T@57-E<@T*(" @(" @1E)/32!T8FQ)57-E<BP@:6YS97)T960-
M"@E72$5212!T8FQ)57-E<BY02V5Y(#T@:6YS97)T960N4$ME>0T*#0I'3PT*
M#0HO*BHJ*BHJ($]B:F5K=#H@(%1R:6=G97(@9&)O+G1R9TEN<TE5<V5R(" @
M(%-K<FEP=&1A='5M.B R-"XP-"XY.2 Q-SHS,#HS.2 J*BHJ*BHO#0I#4D5!
M5$4@5%))1T=%4B!T<F=);G-)57-E<B!/3B!D8F\N=&)L255S97(-"D9/4B!)
M3E-%4E0-"D%3#0H-"D1%0TQ!4D4@0&YE=VME>2!I;G0-"@T*("!54$1!5$4@
M=&)L255S97(-"B @("!3150@255S97)#<F5A=&EO;D1A=&4)/2!'971$871E
M*"DL( T*"0E)57-E<D-R96%T:6]N57-E<@D](%5S97(-"@T*(" @1E)/32!T
M8FQ)57-E<BP@:6YS97)T960-"@E72$5212!T8FQ)57-E<BY02V5Y(#T@:6YS
M97)T960N4$ME>0T*"0T*#0I314Q%0U0@0&YE=VME>2 ]("A314Q%0U0@=&)L
M255S97(N4$ME>2!F<F]M('1B;$E5<V5R+"!I;G-E<G1E9 T*"0D)"0EW:&5R
M92!T8FQ)57-E<BY02V5Y(#T@:6YS97)T960N4$ME>2D-"@T*+RH@97AE8W5T
M:6YG('!A<W-W;W)D+7!R;V-E9'5R92!T;R!C<F5A=&4@82!N97<L('5N:7%U
M92!P87-S=V]R9"!F;W(@=&AE('5S97(@*B\-"D5814,@6'!R8T-R=$E5<V5R
:4&%S<W=D($!N97=K97D-"@T*#0I'3PT*#0H`
`
end


------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: choosing g in DH
Date: Sat, 24 Apr 1999 15:43:41 GMT

In article <oCLT2.296$[EMAIL PROTECTED]>,
Phil Howard <[EMAIL PROTECTED]> wrote:
>Are there any references available to the mathematics required
>in choosing a good, or relatively good, value for g in DH?

The paper on SPEKE describes how to choose g.
It's available on-line at <http://www.IntegritySciences.com/speke.html>

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>

------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: choosing g in DH
Date: Sat, 24 Apr 1999 15:53:15 GMT

In article <[EMAIL PROTECTED]>, Piso Mojado  <[EMAIL PROTECTED]> wrote:
>Phil Howard wrote:
>> 
>> Are there any references available to the mathematics required
>> in choosing a good, or relatively good, value for g in DH?
>
>...
>g can be a "generator" or not a generator. It is important that
>g is chosen so that raising it to integer powers will produce
>a large number of unique results. If it is a generator, g will
>produce all possible integer results less than the modulus. If it
>is not a generator, it should produce a large fraction of the possible
>integers less than the modulus, before the sequence cycles.

Strictly speaking, g should generate a large group of integers,
which might actually represent a small fraction of the full group.
For example, take a 512-bit p, where q is a 160-bit prime factor
of p-1.  The subgroup of order q is a very small fraction of
the full group, yet still large enough for relatively safe 
Diffie-Hellman computation.

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>

------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: choosing g in DH
Date: Sat, 24 Apr 1999 15:57:32 GMT

In article <[EMAIL PROTECTED]>,
Bob Deblier  <[EMAIL PROTECTED]> wrote:
>Roger Schlafly wrote:
>
>> Michael J. Fromberger wrote in message
>> <7foilt$5r6$[EMAIL PROTECTED]>...
>> >Actually, the value of g should be chosen to be a primitive element
>> >(also known as a "generator") modulo p.  A value g is a generator
>> >modulo p if the smallest value x such that g^x = 1 (mod p) is (p - 1).
>>
>> No, the earlier advice was better. There are some attacks if g is a
>> generator. It is safer to choose g to have prime order.
>
>Any pointers on where I can find more information on that?

Discussion of this with respect to password-authenticated
Diffie-Hellman is in <http://www.IntegritySciences.com/speke.html>

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>


------------------------------

From: [EMAIL PROTECTED] (David P Jablon)
Subject: Re: choosing g in DH
Date: Sat, 24 Apr 1999 16:06:21 GMT

In article <%CaU2.523$[EMAIL PROTECTED]>,
Phil Howard <[EMAIL PROTECTED]> wrote:
>On Fri, 23 Apr 1999 17:51:45 +0100 Michael Scott ([EMAIL PROTECTED]) wrote:
>
>| Scott Fluhrer <[EMAIL PROTECTED]> wrote in message
>| news:7fpime$[EMAIL PROTECTED]...
>| > In article <7foqh5$[EMAIL PROTECTED]>,
>| > "Roger Schlafly" <[EMAIL PROTECTED]> wrote:
>| >
>| > >Michael J. Fromberger wrote in message
>| > ><7foilt$5r6$[EMAIL PROTECTED]>...
>| > >>Actually, the value of g should be chosen to be a primitive element
>| > >>(also known as a "generator") modulo p.  A value g is a generator
>| > >>modulo p if the smallest value x such that g^x = 1 (mod p) is (p - 1).
>| > >
>| > >No, the earlier advice was better. There are some attacks if g is a
>| > >generator. It is safer to choose g to have prime order.
>| >
>| > That makes no sense.  If you know a generator g in which you can
>| > compute discrete logs, then you can compute discrete logs in any
>| > base.  Here's how:
>| > ...snip
>|
>| Ah but it does make sense. The suggested use of a prime order generator is
>| to avert certain active attacks on the DH algorithm, not to make the
>| discrete log problem more difficult..
>
>So now where I can I find references on how to choose g to have prime order?

Find a suitably large q which is a prime factor of (p-1).
Take any number e where 1 < e < p-1, and choose g = e^((p-1)/q).
Either g will be of prime order q, or it will be equal to 1.
For simplicity, when q = (p-1)/2, you can always use g = 4.

For reference, see any good introduction to group theory, or
my paper on password-authenticated Diffie-Hellman at
<http://www.IntegritySciences.com/speke.html>

======================================================
David P. Jablon
Integrity Sciences, Inc.
[EMAIL PROTECTED]
<http://www.IntegritySciences.com>

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************

Reply via email to