IETF-SSH archive


RE: DH group exchange (Re: SSH key algorithm updates)



mdb%juniper.net@localhost <mdb%juniper.net@localhost> writes:

>That said, I do not find any FIPS or NIST documents talking about Lim-Lee
>primes for use in FIPS certified systems.

Sure, because it post-dates the original NIST docs that specified the keygen.
The idea is that if you need FIPS validation you use the NIST generation
method, if you don't, you use any method that works, one obvious example being
Lim-Lee (same result but much quicker because you're generating lots of small
primes, particularly useful if you want to generate a new DH parameter set on
each handshake).

Since the verification process for both 186 and Lim-Lee generated values is
identical, you can verify the keys either way.  So the spec would cover both
NIST and non-NIST options at the same time, depending on implementer
preference.

Peter.
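
Added example, not part of the original message or of any SSH implementation: a sketch of Lim-Lee generation (p = 2*q*p1*...*pn + 1, built from a reusable pool of small primes) and a check of the resulting group that never looks at how p was produced. The function names, the 512/160-bit demo sizes and the reading of "verification" as the structural checks on (p, q, g) are assumptions made for this illustration.

```python
from itertools import combinations
from math import prod

def is_probable_prime(n, rng, rounds=32):  # Miller-Rabin
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def random_prime(bits, rng):  # rng: use secrets.SystemRandom() outside a demo
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng):
            return c

def lim_lee_prime(p_bits, q_bits, n, rng):
    """Return (p, q, factors), p = 2*q*p1*...*pn + 1; pick n so each pi is longer than q."""
    q = random_prime(q_bits, rng)
    f_bits = -(-(p_bits - q_bits - 1) // n)  # ceiling: bits per extra factor
    pool = []
    while True:  # pair each fresh small prime with every (n-1)-subset of the pool
        new = random_prime(f_bits, rng)
        for rest in combinations(pool, n - 1):
            p = 2 * q * new * prod(rest) + 1
            if p.bit_length() == p_bits and is_probable_prime(p, rng):
                return p, q, sorted((new, *rest))
        pool.append(new)

def subgroup_generator(p, q, rng):
    g = 1
    while g == 1:  # h^((p-1)/q) has order q unless it collapses to 1
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
    return g

def verify_group(p, q, g, rng):  # identical checks however p was generated
    return (is_probable_prime(p, rng) and is_probable_prime(q, rng)
            and (p - 1) % q == 0 and 1 < g < p and pow(g, q, p) == 1)
```

The pool is what makes the method quick: each candidate p costs one multiplication and one primality test, while the small primes are generated once and reused across candidates.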

