In article <[EMAIL PROTECTED]>,
Barry A. Warsaw <[EMAIL PROTECTED]> wrote:
>sshd.c has this comment:
>
>  /* Check that server and host key lengths differ sufficiently.  This is
>     necessary to make double encryption work with rsaref.  Oh, I hate
>     software patents. */
>
>I don't know much about how rsaref works; could someone explain what this
>comment means, and why the difference is necessary?

As part of the session startup, the client generates a session key
and sends it back to the server, encrypted with both the host key
and server key. If you're using RSAref, you need to use the PKCS#1
method for packing the plaintext into a bignum. PKCS#1 specifies
a minimum amount of random padding in the bignum, plus a type and
a sentinel byte, with the result that if your plaintext is X bits
long, you need to have an RSA modulus of at least X+Y (I forget
what Y is --- around a hundred, I think).

Once you've encrypted a number with RSA, the result is (in practice)
always as large as the modulus. Which means that if you're going
to try to encrypt the result again, the modulus of the second key
must be at least Y bits larger than the modulus for the first.

-- 
Wim Lewis / wiml@{omnigroup.com|hhhh.org} / I do not speak for Omni
 PGP 0x27F772C1: 0C 0D 10 D5 FC 73 D1 35  26 46 42 9E DC 6E 0A 88
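
The size constraint described in the reply above, as an added example that is not part of the original post or of sshd.c. It assumes PKCS#1 v1.5 block type 2 padding, whose minimum overhead is 11 bytes (88 bits); the function names are hypothetical, the RSA operation itself is omitted (the inner ciphertext is modeled as a full modulus-length block), and rand() stands in for a CSPRNG.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PKCS1_OVERHEAD 11 /* 0x00, 0x02, >= 8 nonzero pad bytes, 0x00 */

/* PKCS#1 v1.5 block type 2: encode msg into a k-byte block (k = modulus
 * length in bytes). Returns 0, or -1 if msg is too long for this modulus. */
int pkcs1_pad(unsigned char *out, size_t k, const unsigned char *msg, size_t mlen)
{
    if (k < PKCS1_OVERHEAD || mlen > k - PKCS1_OVERHEAD)
        return -1;
    size_t padlen = k - mlen - 3;
    out[0] = 0x00;
    out[1] = 0x02;
    for (size_t i = 0; i < padlen; i++) /* rand(): placeholder, use a CSPRNG */
        out[2 + i] = (unsigned char)(1 + rand() % 255);
    out[2 + padlen] = 0x00;
    memcpy(out + 3 + padlen, msg, mlen);
    return 0;
}

/* Size model of the double encryption. Returns 0 if both layers fit, -1 if
 * the key does not fit the inner modulus, -2 if the inner output does not
 * fit the outer modulus. */
int double_encrypt_fits(size_t inner_bits, size_t outer_bits,
                        const unsigned char *key, size_t key_len)
{
    size_t k1 = (inner_bits + 7) / 8, k2 = (outer_bits + 7) / 8;
    unsigned char *b1 = malloc(k1 + 1), *b2 = malloc(k2 + 1);
    int rc = -3; /* allocation failure */
    if (b1 && b2) {
        if (pkcs1_pad(b1, k1, key, key_len) != 0)
            rc = -1;
        else if (pkcs1_pad(b2, k2, b1, k1) != 0) /* b1 stands in for the RSA output */
            rc = -2;
        else
            rc = 0;
    }
    free(b1); free(b2);
    return rc;
}

int main(void)
{
    unsigned char key[32] = {0}; /* constructed 256-bit session key */
    printf("768/1024: %d\n", double_encrypt_fits(768, 1024, key, sizeof key));
    printf("1024/1024: %d\n", double_encrypt_fits(1024, 1024, key, sizeof key));
    return 0;
}
```

With equal-length moduli the second layer fails; under this padding the outer modulus has to be at least 11 bytes longer than the inner one.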
