Peter Gutmann skrev 2014-03-08 02:21:
The problem with calculating the hash of the internal representation, is that the hash will depend on the internal representation, which is prone to be implementation specific. Is it little endian or big endian? Is there a zero valued word in the most significant position or not?Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:Getting a hash of the byte string seems to be the easiest way to do this.Not just computing it and comparing it against the value in RFC3526?It depends what you're trying to verify. If the question is "are the values given in RFC 2409/3526 correct?" then that's the way to do it (and thanks for pointing out the issue with bc and pi :-). If the question is "does the byte string I currently have in memory correspond to the data in the RFC" then shelling out to Mathematica and bc isn't really an option, a SHA-1 hash for quick verification seems the best way to go.
I think it is possible to run a relatively fast arithmetic test that will be dominated by the time it takes to perform a single modular exponentiation. If you got a big num libary, implementing an optimized formula for pi is relatively easy. You could implement a function that returns the prime p given the bit size n and small constant k, and let this function verify that k is the correct value.