On Tue, 26 Jan 2016 08:35:53 -0500, James Starkey <[email protected]> wrote:
> Are there any reasons to believe there are unsafe SRP primes?

http://tools.ietf.org/html/rfc5054:

  The group parameters (N, g) sent in this message MUST have N as a safe prime (a prime of the form N=2q+1, where q is also prime). The integers from 1 to N-1 will form a group under multiplication % N, and g MUST be a generator of this group. In addition, the group parameters MUST NOT be specially chosen to allow efficient computation of discrete logarithms.

  The SRP group parameters in Appendix A satisfy the above requirements, so the client SHOULD accept any parameters from this appendix that have large enough N values to meet her security requirements.

  The client MAY accept other group parameters from the server, if the client has reason to believe that these parameters satisfy the above requirements, and the parameters have large enough N values. For example, if the parameters transmitted by the server match parameters on a "known-good" list, the client may choose to accept them. See Section 3 for additional security considerations relevant to the acceptance of the group parameters.

On http://srp.stanford.edu/design.html:

  N    A large safe prime (N = 2q+1, where q is prime)

On http://tools.ietf.org/html/rfc2945:

  For maximum security, N should be a safe prime (i.e. a number of the form N = 2q + 1, where q is also prime).

Based on the above sources, I'd guess that more knowledgeable people than me have arrived at the conclusion that some primes are better than others when it comes to SRP :). The above also seems to imply that the values of N and g can be chosen in a way to decrease security.

Mark

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
