Re: [exim-dev] [Bug 1837] small subgroup attack

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 1837] small subgroup attack
On Sun, May 29, 2016 at 05:01:16AM +0000, admin@??? wrote:

> https://bugs.exim.org/show_bug.cgi?id=1837
>
> --- Comment #6 from Phil Pennock <pdp@???> ---
> The change is needed. Not disputing that.
>
> The current values can be validated by comparison to the documented values;
> each one came from an RFC, and was transformed using util/gen_pkcs3.c
>
> This change updates the encoded data strings but doesn't update any information
> about their provenance, making it much harder for people to validate the origin
> of these and know that we're not back-dooring their crypto.
>
> So the better fix is likely to update util/gen_pkcs3.c to take an optional
> dh_q; see the usage() function for the current API.
>
> This is my fault; I didn't understand the importance of the q values and stuck
> to encoding what worked for all the values, not handling optional extras from
> the newer RFC.


I cannot emphasize this more strongly. The RFC in question is
informational (not standards track) and in hindsight harmful. It
really is best to just remove support for the groups from this RFC.

-- 
    Viktor.
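The comment above turns on "the importance of the q values". The following is an added worked example, not code from Exim, from util/gen_pkcs3.c, or from either author of this thread. It builds a toy group of the shape discussed (p prime where p-1 has a small factor r besides the subgroup order q, the situation in the newer RFC's groups) and shows, with plain Python integers, what an attacker gains when the recipient does not check a peer's public value against q, and how the check pow(y, q, p) == 1 that q makes possible rejects the malicious value. It also builds a safe prime p = 2q+1 to show why the older groups needed no separate q. All numbers are deliberately tiny, the function names (make_group, peer_value_ok, small_subgroup_attack, make_safe_prime, demo) are the example's own, and the attacker's "oracle" on the shared secret is simulated by reading it directly instead of comparing a MAC or Finished message.

```python
"""Toy small-subgroup demonstration for DH groups with and without a separate q.

Added example; not Exim code. Numbers are tiny so that everything runs offline
with Python integers in well under a second.
"""
import random


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin with fixed bases; exact for n < 3.3e24,
    far beyond the toy sizes used here."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(q: int, r: int):
    """Return (p, g, z): a prime p with q*r dividing p-1, a generator g of the
    order-q subgroup, and an element z of small order r.  This is the shape of a
    non-safe-prime group: besides q, p-1 carries a small factor r."""
    assert is_prime(q) and is_prime(r) and q != r
    k = 2
    while not is_prime(q * r * k + 1):
        k += 1
    p = q * r * k + 1
    # h^((p-1)/q) has order 1 or q because q is prime; skip the trivial case.
    g = next(pow(h, (p - 1) // q, p) for h in range(2, p) if pow(h, (p - 1) // q, p) != 1)
    z = next(pow(h, (p - 1) // r, p) for h in range(2, p) if pow(h, (p - 1) // r, p) != 1)
    return p, g, z


def peer_value_ok(y: int, p: int, q: int) -> bool:
    """The check that knowing q enables: reject 1 and p-1, and require that y
    lies in the order-q subgroup.  Without q, only the range check is possible."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def small_subgroup_attack(p: int, z: int, r: int, victim_priv: int) -> int:
    """Attacker sends z (order r) as its public value.  The victim's shared
    secret z^x mod p can take only r distinct values, so an oracle on it
    (here simulated by reading the value; in practice a MAC or Finished
    message) leaks x mod r.  Returns the recovered residue."""
    shared = pow(z, victim_priv, p)          # what the unchecked victim derives
    for j in range(r):                       # r candidates, tried offline
        if pow(z, j, p) == shared:
            return j                         # == victim_priv mod r
    raise AssertionError("unreachable: z has order r")


def make_safe_prime(start: int) -> int:
    """Smallest safe prime p = 2q+1 >= start with q prime.  Here q is implied
    by p, and the only elements of order < q are 1 and p-1."""
    q = start // 2
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1


def demo(q: int = 1009, r: int = 7, seed: int = 1) -> dict:
    """Run the attack against a random private exponent and show the check."""
    rng = random.Random(seed)                # fixed seed: constructed, repeatable input
    p, g, z = make_group(q, r)
    x = rng.randrange(1, q)                  # victim's private exponent
    honest_pub = pow(g, rng.randrange(1, q), p)
    return {
        "p": p,
        "x_mod_r": x % r,
        "leaked": small_subgroup_attack(p, z, r, x),
        "honest_passes": peer_value_ok(honest_pub, p, q),
        "malicious_passes": peer_value_ok(z, p, q),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the attacker recovering x mod r from a single exchange while the honest value passes and z fails peer_value_ok. With real-size parameters the attacker repeats this for each small factor of p-1 and combines the residues by CRT, which is why a group whose p-1 has several small factors must ship q and every implementation must use it. A safe prime from make_safe_prime has no such factors (p-1 = 2q), so the range check alone is enough, which is why the older groups were encodable without q.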