Thank you very much! Exactly what I was looking for. Hav a nice day. Oliver
Matt Johnston <[EMAIL PROTECTED]> 14.09.2007 17:21 An [EMAIL PROTECTED] Kopie [email protected] Thema Re: Two questions regarding Diffie-Hellman key exchange On Fri, Sep 14, 2007 at 05:11:46PM +0200, [EMAIL PROTECTED] wrote: > Hello, > > I am currently working on my master-thesis, which involves implementing > the SSH protocol on a smart-card. Therefore I am using dropbear as a non > cpu and memory intensiv blueprint. > > I am currently stucked with two questions regarding the Diffie-Hellman key > exchange (SSH_MSG_KEXDH_INIT message). First of all, can you point me to a > document where the prime number p (128Byte) is defined? Unfortunatly the > RFC 4253 (SSH Transport Layer) doesn't give a hint. Take a look at section 6.2 of RFC 2409. The naming is a bit of a shambles - I'm not sure why diffie-hellman-group1-sha1 actually refers to "Second Oakley Group". > The next question I am puzzled with: How come the result (e) of the client > side 'e = g^x mod p' calculation is a 133 Byte value? At least, that's > what it looks like when I sniff the packet with wireshark (formaly > ethereal). From my understanding, a modulo calculation with a 128 byte > value should produce a result equal or less than 128 byte. Am I wrong? > Are there additional bytes added to e, which the RFC 4253 doesn't mention? > (the message is described in section 8, RFC 4252, jan 2006) Have a look at section 5, rfc4251. mpints have a 4 byte lengthh, then may be padded by a byte if their most significant bit is set. Cheers, Matt
