[exim-dev] [Bug 1837] small subgroup attack

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1837] small subgroup attack
https://bugs.exim.org/show_bug.cgi?id=1837

--- Comment #2 from Luke Valenta <luke.valenta@???> ---
Sure, perhaps you could take a look at Section 1.2 of
https://www.ietf.org/rfc/rfc2785.txt for a brief overview of small subgroup
attacks. There is still a decent amount of crypto/number theory involved
though, so be warned.

>From a programming perspective, fixing this bug to include proper subgroup

validation would involve specifying the subgroup order q as part of the
Diffie-Hellman parameters in
https://github.com/Exim/exim/blob/master/src/src/std-crypto.c, and whenever a
Diffie-Hellman public value is received as part of a key exchange, making sure
that you call the OpenSSL DH_check_pub_key function with dh->q defined.

Please let me know if there is anything in particular that you would like me to
clarify.

--
You are receiving this mail because:
You are on the CC list for the bug.