[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: IKEv2 Key Size Conformance Requirements

To: Charlie_Kaufman@notesdev.ibm.com, pgut001@cs.auckland.ac.nz
Subject: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Date: Tue, 5 Nov 2002 05:16:32 +1300 (NZDT)
Cc: ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

Charlie_Kaufman@notesdev.ibm.com writes:
>Bill Sommerfeld <sommerfeld@east.sun.com> wrote:
>>For what it's worth, I'll repeat what I said last time.. *in real
>>life* I've seen both PGP and SSH implementations generate keys with
>>moduli which were a bit or two shorter than the desired size.
>
>Key generation implementations that pick random primes sometimes come up with
>moduli a bit or two shorter than they had intended.

The PGP missing-bits problem was in old 2.x versions.  5.x used bnlib for its
bignum work which had code in there to ensure that if you asked for n bits,
you got exactly n bits (from memory I think it set the high bits to ensure
that the number is exactly n bits long, i.e. 2^(n-1) <= number < 2^n).  I
assume newer versions still use the same code.  SSH (specifically OpenSSH)
does odd things with its keygen, including setting e=35, so I don't think
that's a good example to follow.

>What about DSS keys?

I've heard of those.  I've even got one or two DSA certs, you can find them
"rare species" section of the museum.  It's right next to the "mythological
creatures" section, which holds the X9.42 DH certs.

Peter.

Prev by Date: Public key distribution methods?
Next by Date: Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
Prev by thread: RE: Fwd: Re: IKEv2 Key Size Conformance Requirements
Next by thread: RE: Dead peer detection
Index(es):
- Date
- Thread