IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

I can has SHA-1 hashes for RFC 2409/3526 MODP groups?



I can has SHA-1 hashes for RFC 2409/3526 MODP groups?

The MODP groups for DH specified in RFC 2409 and 3526 seem to be widely used
in things like SSH and SSL/TLS, however unlike the RFC 5114 groups there's no
subgroup given and so no way to verify that the prime hasn't been corrupted in
some way (the generator is easy, it's always 2).  OTOH the RFC 5114 groups
have stupid generators so I don't know why anyone would use them.

In any case I'd like to have a means of verifying the validity of the data for
the RFC 2409/3526 primes as stored in memory, but if I generate my own SHA-1
hashes then there's the risk that I'm verifying flawed data.  Does anyone have
SHA-1 hash values for the RFC 2409/3526 primes, i.e. the 1024/1536/2048/etc-
bit values in the two RFCs?  The values I've got are:

RFC 2409, 1024-bit prime: c0 33 bd 43 51 fb a3 73 25 45 ea 2e 01 6d 52 b0 ...
RFC 3526, 1536-bit prime: 49 ec ab a9 72 7a 1a f0 63 60 82 c4 67 48 5a 1a ...
RFC 3526, 2048-bit prime: b9 5c 79 9a a5 dd 38 8c 6d f5 e7 23 98 cb 9d 7d ...
RFC 3526, 3072-bit prime: 94 1a 04 77 38 fe 55 33 33 69 e2 b3 86 b6 d6 18 ...

Peter.


Home | Main Index | Thread Index | Old Index