Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^3: How to get good primes for DH agreement ?

by danaj (Friar)
on Mar 22, 2019 at 18:42 UTC ( #1231575=note: print w/replies, xml ) Need Help??


in reply to Re^2: How to get good primes for DH agreement ?
in thread How to get good primes for DH agreement ?

Yes, using what is sometimes called the PRIMEINC algorithm does introduce a significant bias, as some values will be output much more frequently than some others. At the moment there is no known exploit for this with non-tiny bit sizes, and some software uses it because it's not too hard to make it fast. Making the TRIVIAL algorithm (randomly select integers in the range and reject until it passes your primality test) fast takes more effort.

I think it is much more likely that something else is a bigger issue, as rolling ones own crypto is full of pitfalls. Admittedly using someone else's crypto stuff also has pitfalls, but they are usually more non-obvious.

Math::Prime::Util has a lot of routines for efficiently generating random primes. Relevant to DH, it has a routine for generating random n-bit strong primes, but not currently safe primes. I've written one which will go in the next version. It's of course possible to do it by hand, such as something like:

my $b = 256; # Whatever your bit length is my($p,$q); do { $q = random_nbit_prime($b-1); $p = 2*$q+1; } while ( ($q % 3) != 2 || ($q % 5) == 2 || ($p % 3) != 2 || !is_prime($p) ); return $p;
The advantage of the call is (1) it's ~10x faster, and (2) it's more convenient.


You can also call out to something like openssl.

Lastly, consider Crypt::DSA::GMP which follows the FIPS 186-2 or FIPS 186-4 standards for generating keys. It will give the <p,q,g> parameters you need.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1231575]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (5)
As of 2022-01-18 17:36 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (53 votes). Check out past polls.

    Notices?