[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Decrease DH group length to 1024. (Roger, you may want to ...

To: or-cvs@freehaven.net
Subject: [or-cvs] Decrease DH group length to 1024. (Roger, you may want to ...
From: nickm@seul.org (Nick Mathewson)
Date: Tue, 6 May 2003 22:28:46 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: or-cvs-outgoing@seul.org
Delivered-to: or-cvs@seul.org
Delivery-date: Tue, 06 May 2003 22:29:45 -0400
Reply-to: or-dev@freehaven.net
Sender: owner-or-cvs@freehaven.net

Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv17125/src/common

Modified Files:
	crypto.c crypto.h 
Log Message:
Decrease DH group length to 1024.  (Roger, you may want to read section 1 of the IETF draft: a 1024-bit DH key probably reduces our cipher strength to ~80 bits.)

Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- crypto.c	7 May 2003 02:13:23 -0000	1.16
+++ crypto.c	7 May 2003 02:28:42 -0000	1.17
@@ -695,6 +695,7 @@
   g = BN_new();
   assert(p && g);
 
+#if 0 
   /* This is from draft-ietf-ipsec-ike-modp-groups-05.txt.  It's a safe
      prime, and supposedly it equals:
       2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
@@ -708,6 +709,18 @@
 		"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
 		"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
 		"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
+#endif
+
+  /* This is from rfc2409, section 6.2.  It's a safe prime, and
+     supposedly it equals:
+        2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+  */
+  r = BN_hex2bn(&p,
+		"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+		"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+		"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+		"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+		"49286651ECE65381FFFFFFFFFFFFFFFF");
   assert(r);
 
   r = BN_set_word(g, 2);

Index: crypto.h
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- crypto.h	7 May 2003 02:13:23 -0000	1.9
+++ crypto.h	7 May 2003 02:28:42 -0000	1.10
@@ -72,7 +72,8 @@
 
 /* Key negotiation */
 typedef struct crypto_dh_env_st crypto_dh_env_t;
-#define CRYPTO_DH_SIZE (1536 / 8)
+/* #define CRYPTO_DH_SIZE (1536 / 8) */
+#define CRYPTO_DH_SIZE (1024 / 8)
 crypto_dh_env_t *crypto_dh_new();
 int crypto_dh_get_bytes(crypto_dh_env_t *dh);
 int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,

Prev by Author: [or-cvs] Decrease DH group length to 1024. (Roger, you may want to ...
Next by Author: [or-cvs] Tested backends for directory signing and checking. Direct...
Previous by thread: [or-cvs] Decrease DH group length to 1024. (Roger, you may want to ...
Next by thread: [or-cvs] fix double-semicolon parse error
Index(es):
- Author
- Thread