Discussion:
[erlang-questions] SSL and hardcoded DH prime
Alexander Petrovsky
2018-08-23 14:57:28 UTC
Permalink
Hello!

We have stumble upon default DH prime (2048 bits) in Erlang when we try to
establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.

I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b

In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.

Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
Ingela Andin
2018-08-23 17:12:18 UTC
Permalink
Hi!

It is only the default value that is hard coded (a recommend value), you
may configure your own parameters with dh or dhfile option.

Regards Ingela
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try to
establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
Alexander Petrovsky
2018-08-23 17:27:02 UTC
Permalink
Yeah, Ingela, thanks! About default value and dh, dhfile options I know.
The main question - is the any reasons don’t generate DH prime in real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value), you
may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try
to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
Paul Peregud
2018-08-23 19:07:24 UTC
Permalink
Its a long-ish process. But you can run it during installation or first run.

$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I know.
The main question - is the any reasons don’t generate DH prime in real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value), you
may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try
to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
Alexander Petrovsky
2018-08-23 19:43:19 UTC
Permalink
No, I can use dh option in Erlang and generate in des format DH prime and
DH generator. It’s very fast.
Post by Paul Peregud
Its a long-ish process. But you can run it during installation or first run.
$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I know.
The main question - is the any reasons don’t generate DH prime in real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value), you
may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try
to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I
shouldn't generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
Frank Muller
2018-08-24 03:11:15 UTC
Permalink
How? Show us please!!!

No, I can use dh option in Erlang and generate in des format DH prime and
Post by Alexander Petrovsky
DH generator. It’s very fast.
Post by Paul Peregud
Its a long-ish process. But you can run it during installation or first run.
$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I know.
The main question - is the any reasons don’t generate DH prime in real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value),
you may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we
try to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I
shouldn't generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
Alexander Petrovsky
2018-08-24 07:13:22 UTC
Permalink
From official ssl doc
http://erlang.org/doc/man/ssl.html

*{dh, public_key:der_encoded()}*

The DER-encoded Diffie-Hellman parameters. If specified, it overrides
option dhfile.
Post by Frank Muller
How? Show us please!!!
No, I can use dh option in Erlang and generate in des format DH prime and
Post by Alexander Petrovsky
DH generator. It’s very fast.
Post by Paul Peregud
Its a long-ish process. But you can run it during installation or first run.
$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I
know. The main question - is the any reasons don’t generate DH prime in
real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value),
you may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we
try to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I
shouldn't generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
Frank Muller
2018-08-24 07:46:30 UTC
Permalink
It’s not about that. Generating a 2048 DH can take a long time. And you
said it’s fast and you want to make it real time.

From official ssl doc
Post by Alexander Petrovsky
http://erlang.org/doc/man/ssl.html
*{dh, public_key:der_encoded()}*
The DER-encoded Diffie-Hellman parameters. If specified, it overrides
option dhfile.
Post by Frank Muller
How? Show us please!!!
No, I can use dh option in Erlang and generate in des format DH prime and
Post by Alexander Petrovsky
DH generator. It’s very fast.
Post by Paul Peregud
Its a long-ish process. But you can run it during installation or first run.
$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I
know. The main question - is the any reasons don’t generate DH prime in
real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value),
you may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we
try to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I
shouldn't generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
Alexander Petrovsky
2018-08-24 08:29:51 UTC
Permalink
Oh, shame on me, I forget that it's not a random number, it's random prime,
so, you are absolutely right, it's not so fast. Thanks.
Post by Frank Muller
It’s not about that. Generating a 2048 DH can take a long time. And you
said it’s fast and you want to make it real time.
From official ssl doc
Post by Alexander Petrovsky
http://erlang.org/doc/man/ssl.html
*{dh, public_key:der_encoded()}*
The DER-encoded Diffie-Hellman parameters. If specified, it overrides
option dhfile.
Post by Frank Muller
How? Show us please!!!
No, I can use dh option in Erlang and generate in des format DH prime
and DH generator. It’s very fast.
Post by Paul Peregud
Its a long-ish process. But you can run it during installation or first run.
$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
On Thu, Aug 23, 2018 at 5:27 PM Alexander Petrovsky <
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I
know. The main question - is the any reasons don’t generate DH prime in
real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend value),
you may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we
try to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I
shouldn't generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
Frank Muller
2018-08-24 08:33:43 UTC
Permalink
No problem, thanks!


Oh, shame on me, I forget that it's not a random number, it's random prime,
Post by Alexander Petrovsky
so, you are absolutely right, it's not so fast. Thanks.
Post by Frank Muller
It’s not about that. Generating a 2048 DH can take a long time. And you
said it’s fast and you want to make it real time.
From official ssl doc
Post by Alexander Petrovsky
http://erlang.org/doc/man/ssl.html
*{dh, public_key:der_encoded()}*
The DER-encoded Diffie-Hellman parameters. If specified, it overrides
option dhfile.
Post by Frank Muller
How? Show us please!!!
No, I can use dh option in Erlang and generate in des format DH prime
and DH generator. It’s very fast.
Post by Paul Peregud
Its a long-ish process. But you can run it during installation or first run.
$ time openssl dhparam -out dhparam.pem 2048
...
real 0m3,623s
user 0m3,612s
sys 0m0,000s
On Thu, Aug 23, 2018 at 5:27 PM Alexander Petrovsky <
Post by Alexander Petrovsky
Yeah, Ingela, thanks! About default value and dh, dhfile options I
know. The main question - is the any reasons don’t generate DH prime in
real-time?
Post by Ingela Andin
Hi!
It is only the default value that is hard coded (a recommend
value), you may configure your own parameters with dh or dhfile option.
Regards Ingela
Den tors 23 aug. 2018 kl 16:57 skrev Alexander Petrovsky <
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when
we try to establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I
shouldn't generate DH prime in real-time?
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
Best regards,
Paul Peregud
+48602112091
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991
Hans Nilsson R
2018-08-24 08:41:14 UTC
Permalink
Hi!

You can't just grab any prime and use it in DH. Any prime will work, but very
few primes are safe to use. And to find a safe prime is a slow process...

Only one out of 400000 1024-bits primes are safe according to

https://security.stackexchange.com/questions/5263/where-do-i-get-prime-numbers-for-diffie-hellman-can-i-use-them-twice

/Hans
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try to
establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
Alexander Petrovsky
2018-08-24 08:52:51 UTC
Permalink
Oh, thanks, I don't know about that, it's very helpful.
Post by Hans Nilsson R
Hi!
You can't just grab any prime and use it in DH. Any prime will work, but very
few primes are safe to use. And to find a safe prime is a slow process...
Only one out of 400000 1024-bits primes are safe according to
https://security.stackexchange.com/questions/5263/where-do-i-get-prime-numbers-for-diffie-hellman-can-i-use-them-twice
/Hans
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try
to
Post by Alexander Petrovsky
establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite.
Unfortunately,
Post by Alexander Petrovsky
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
Post by Alexander Petrovsky
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
--
ПетрПвскОй АлексаМЎр / Alexander Petrovsky,

Skype: askjuise
Phone: +7 931 9877991
Hans Nilsson R
2018-08-24 09:35:46 UTC
Permalink
Check the ssh-keygen command with -G and -T

https://man.openbsd.org/ssh-keygen#MODULI_GENERATION

or try the Erlang/OTP function public_key:dh_gex_group/4 which randomly selects a good prime from a pre-generated list of such:

1> public_key:dh_gex_group(1024, 1024, 1024, undefined).
{ok,{1023,
{5,

137423569441246262992289626302405506810075372518201635033473127540045433614984773406065519964899878780586235832348933590594300290793347611716697640359482924853366011641117770719027755146909495326369377183195861495553717174988136205384838926110458474346294939275424613035724229598089601829380531182016066518343}}}
2> public_key:dh_gex_group(1024, 1024, 1024, undefined).
{ok,{1023,
{2,

137423569441246262992289626302405506810075372518201635033473127540045433614984773406065519964899878780586235832348933590594300290793347611716697640359482924853366011641117770719027755146909495326369377183195861495553717174988136205384838926110458474346294939275424613035724229598089601829380531182016051761379}}}
3>

/Hans
Post by Alexander Petrovsky
Oh, thanks, I don't know about that, it's very helpful.
Post by Hans Nilsson R
Hi!
You can't just grab any prime and use it in DH. Any prime will work, but very
few primes are safe to use. And to find a safe prime is a slow process...
Only one out of 400000 1024-bits primes are safe according to
https://security.stackexchange.com/questions/5263/where-do-i-get-prime-numbers-for-diffie-hellman-can-i-use-them-twice
/Hans
Post by Alexander Petrovsky
Hello!
We have stumble upon default DH prime (2048 bits) in Erlang when we try
to
Post by Alexander Petrovsky
establish TLS session with cisco spa303 (VoIP hardphone)
via TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite.
Unfortunately,
Post by Alexander Petrovsky
this hardphone can work only with 1024 bit DH prime.
I wonder, why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
Post by Alexander Petrovsky
In my synthetical tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us in 99 percentile in 1000000
iterations.
Why Ingela has hardcoded this DH prime and is any reason why I shouldn't
generate DH prime in real-time?
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
_______________________________________________
erlang-questions mailing list
http://erlang.org/mailman/listinfo/erlang-questions
Loading...