Re: Origin of DH modulus
Actually, the information that *both* p and (p-1)/2 were checked for being prime is useful and should be cited in the spec.

On Fri, Jul 18, 2008 at 11:05 AM, Martin Atkins <[EMAIL PROTECTED]> wrote:
> Dwayne C. Litzenberger wrote:
>> http://openid.net/specs/openid-authentication-2_0.html#pvalue states:
>>
>> Appendix B. Diffie-Hellman Key Exchange Default Value
>>
>> This is a confirmed-prime number, used as the default modulus for
>> Diffie-Hellman Key Exchange. In hexadecimal:
>>
>> DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E
>> F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557
>> 7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382
>> 6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
>>
>> Where did this number come from? A quick Google search reveals nothing
>> particularly enlightening.
>>
>> When specifying constants for cryptographic protocols, it is customary
>> to explain how the constant was arrived at so that people can be assured
>> that they were not specially chosen to (for example) act as a backdoor.
>> See:
>>
>> http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number
>> http://en.wikipedia.org/wiki/Dual_EC_DRBG
>>
>> Ideally, this information should accompany the modulus in the OpenID
>> spec itself.
>>
>
> Paul Crowley originally pulled a number out of /etc/ssh/moduli on his
> machine and checked it for prime-ness:
>
> http://lists.danga.com/pipermail/yadis/2005-June/000718.html
>
> I've not checked to see if this is the same number (too lazy to convert
> huge hex to decimal) but even if it isn't I'd guess the number was
> probably found in a similar way.
>
> Unfortunately, "I just picked this out of a file on my computer" isn't a
> great thing to cite in a specification.

--
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
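The check referred to in the message above (that both p and (p-1)/2 are prime) can be repeated by any reader of the spec. The following is an added example, not code from the thread, the OpenID spec or any OpenID library; the function names are hypothetical, and it uses Miller-Rabin with random bases, so a "prime" result is probabilistic rather than a proof.

```python
import secrets

# Default modulus from OpenID Authentication 2.0, Appendix B, as quoted in this thread.
OPENID_P_HEX = (
    "DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E"
    "F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557"
    "7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382"
    "6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB"
)
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int, rounds: int = 64) -> bool:
    """Miller-Rabin with random bases; error probability <= 4**-rounds."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n - 1 as d * 2**s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        # Random bases: fixed bases can be defeated by a crafted composite.
        a = 2 + secrets.randbelow(n - 3)  # uniform in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def check_modulus(hex_text: str) -> dict:
    """Report the properties a spec should state about a DH modulus."""
    p = int("".join(hex_text.split()), 16)  # tolerate line-wrapped hex
    q = (p - 1) // 2
    return {
        "bits": p.bit_length(),
        "p_prime": is_probable_prime(p),
        "q_prime": is_probable_prime(q),  # with p_prime: p is a safe prime
    }

if __name__ == "__main__":
    print(check_modulus(OPENID_P_HEX))
```

Passing this check shows the modulus is a safe prime of the stated size; it says nothing about how the value was chosen, which is the provenance question the thread raises.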
Re: Origin of DH modulus
Dwayne C. Litzenberger wrote:
> http://openid.net/specs/openid-authentication-2_0.html#pvalue states:
>
> Appendix B. Diffie-Hellman Key Exchange Default Value
>
> This is a confirmed-prime number, used as the default modulus for
> Diffie-Hellman Key Exchange. In hexadecimal:
>
> DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E
> F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557
> 7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382
> 6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
>
> Where did this number come from? A quick Google search reveals nothing
> particularly enlightening.
>
> When specifying constants for cryptographic protocols, it is customary
> to explain how the constant was arrived at so that people can be assured
> that they were not specially chosen to (for example) act as a backdoor.
> See:
>
> http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number
> http://en.wikipedia.org/wiki/Dual_EC_DRBG
>
> Ideally, this information should accompany the modulus in the OpenID
> spec itself.
>

Paul Crowley originally pulled a number out of /etc/ssh/moduli on his machine and checked it for prime-ness:

http://lists.danga.com/pipermail/yadis/2005-June/000718.html

I've not checked to see if this is the same number (too lazy to convert huge hex to decimal) but even if it isn't I'd guess the number was probably found in a similar way.

Unfortunately, "I just picked this out of a file on my computer" isn't a great thing to cite in a specification.
Origin of DH modulus
http://openid.net/specs/openid-authentication-2_0.html#pvalue states:

Appendix B. Diffie-Hellman Key Exchange Default Value

This is a confirmed-prime number, used as the default modulus for Diffie-Hellman Key Exchange. In hexadecimal:

DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E
F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557
7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382
6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB

Where did this number come from? A quick Google search reveals nothing particularly enlightening.

When specifying constants for cryptographic protocols, it is customary to explain how the constant was arrived at so that people can be assured that they were not specially chosen to (for example) act as a backdoor. See:

http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number
http://en.wikipedia.org/wiki/Dual_EC_DRBG

Ideally, this information should accompany the modulus in the OpenID spec itself.

--
Dwayne C. Litzenberger <[EMAIL PROTECTED]>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45