Since most, if not all implementations of DH key exchange are set to choose p and q from primes with several hundreds of digits, the chance of getting a zero or one is extremely small to non-existent.
That aside the finding is, of course, an implementation weakness. Bjarne --- Bjarne Carlsen CTO I/S Mail2Net Denmark ons, 19 09 2007 kl. 11:31 -0400, skrev Evgeny Lebanidze: > Yes, this is certainly bad and a very interesting finding. These checks > should clearly be present. Are there serious practical ramifications of this > problem though? In other words, how likely is it that the generated public > key in the DH key exchange will actually be 0 or 1? It can certainly happen, > but our passive attacker would have to be passive for a very long time and > there is no guarantee that the secret key they might eventually get will be > of interest to them (since the attacker cannot control when a weak public key > is produced). Just a thought. > > Evgeny > > ------------------------------------------------- > Evgeny Lebanidze > Senior Security Consultant, Cigital > 703-585-5047, http://www.cigital.com > Software Confidence. Achieved. > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kowsik > Sent: Wednesday, September 19, 2007 1:24 AM > To: SC-L@securecoding.org > Subject: [SC-L] DH exchange: conspiracy or ignorance? > > http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ > > K. > > ps: I work for Mu. > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________