Probable primes are just ... probable, not certain. To use them in DH, we'd need to make sure they are actually prime numbers, and that takes a *very* long time. That's what ssh-keygen -T does: it verifies candidates and discards non-prime numbers. What are your constraints for wanting to generate those numbers at runtime? If we externalize the file, I think this should provide a good enough way to change them (if the file is read each time a DH is created), so that you could generate the moduli file with ssh-keygen and just copy it to the right place for SSHD to pick it up.
Guillaume

2014-05-21 14:19 GMT+02:00 Pawel Sm7 <pawel....@gmail.com>:

> Hello,
>
> for 3. Moduli file generator
>
> Below I've created the code sample showing how moduli file could be recreated.
> Not sure if the code is correct, as I checked using ssh-keygen that the primes are unfortunately not safe.
>
> Maybe I miss something? Could you please advise?
> Regards,
>
> Pawel
>
> import java.math.BigInteger;
> import java.security.KeyFactory;
> import java.security.KeyPair;
> import java.security.KeyPairGenerator;
> import java.security.SecureRandom;
>
> import javax.crypto.spec.DHParameterSpec;
> import javax.crypto.spec.DHPublicKeySpec;
>
> public class DHKeyGenTest {
>
>     public static void main(String[] args) throws Exception {
>         BigInteger p, g;
>
>         for (int i = 0; i < 100; i++) {
>             SecureRandom rnd = new SecureRandom();
>             p = BigInteger.probablePrime(1024, rnd);
>             g = BigInteger.probablePrime(2, rnd);
>             DHParameterSpec param = new DHParameterSpec(p, g);
>
>             KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
>             kpg.initialize(param);
>             KeyPair kp = kpg.generateKeyPair();
>
>             KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman");
>
>             DHPublicKeySpec kspec = (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(),
>                     DHPublicKeySpec.class);
>
>             p = kspec.getP();
>             g = kspec.getG();
>
>             System.out.println("20140409160557 2 6 36 1023 "
>                     + g.toString(16).toUpperCase() + " "
>                     + p.toString(16).toUpperCase());
>         }
>     }
>
> }
>
> > Hello,
> >
> > I have 3 issues I would like to discuss.
> >
> > 1. Handling error scenarios if Prime cannot be found.
> > Mina does not support fallback to weaker Diffie-Hellman algorithm if Prime cannot be found.
> >
> > The failure approach of fall-thru to weaker Diffie-Hellman algorithm, e.g. Group14 (embedded within the Code) if Prime cannot be found, either due to MODULI File Access Errors or Prime Not Found in the File, is the typical approach of most SSH Server Implementations.
> > OpenSSH follows this paradigm. Also it would help in communications robustness.
> > It would be also nice to have a log event when the fallback happens.
> > Do you agree that this is an issue? When could it be implemented?
>
> It makes sense to me. Especially, the spec (http://tools.ietf.org/html/rfc4419) says:
>
> The server should return the smallest group it knows that is larger
> than the size the client requested. If the server does not know a
> group that is larger than the client request, then it SHOULD return
> the largest group it knows. In all cases, the size of the returned
> group SHOULD be at least 1024 bits.
>
> So feel free to raise a JIRA about that.
>
> > 2. Moduli file integrity handling.
> > Could you create e.g. a SHA-256 hash fingerprint of the moduli file contents, store it somewhere and add validation of moduli file using the fingerprint.
> > This way we can deal with unauthorized tampering of moduli file. It is a potential security issue.
>
> Not really sure I follow you. The moduli file is embedded in the sshd-core jar and is not externalized at the moment.
> It should be externalized, so please raise a JIRA for that. For fingerprint, I'm not sure it should be embedded in the file as it would make this file incompatible with the standard one, but giving it to sshd in some way and verifying it before its use sounds good to me.
>
> > 3. Moduli file generator
> > Is there a roadmap to add a moduli generator so that there's full support for group exchange generation and usage within Mina?
> > e.g. Primes could be regenerated also when moduli file is corrupted.
>
> See above. Two things anyway: the format is fully compatible with the standard moduli file so using the unix generator works fine.
> Generating such primes can be very long and I'm not sure this is something that should be done by sshd directly, though I don't have any problems with sshd shipping a simple class to generate the primes.
>
> I don't really plan to work on SSHD in the coming weeks for such enhancements, but if you feel comfortable, attach patches or git pull requests to those issues and I can review them.
>
> Cheers,
> Guillaume
>
> > Regards,
> >
> > Pawel
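
The screening step discussed in the thread, as an added Java example (not code from the thread or from the project): it checks one moduli-file line for a safe prime, and contrasts a prime taken straight from `BigInteger.probablePrime` with one found by a safe-prime search. The class name, the 256-bit demo size, the certainty value and the generator range check are assumptions of this example; the line layout and the constant fields `20140409160557 2 6 36` are copied from the sample posted above.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

public class ModuliLineCheck {
    static final int CERTAINTY = 64; // Miller-Rabin error bound 2^-64 (value chosen for this example)

    /** Returns null when the line holds a safe prime of the stated size, otherwise the reason to discard it. */
    static String reject(String line) {
        String[] f = line.trim().split("\\s+"); // time type tests trials size generator modulus
        if (f.length != 7) return "expected 7 fields, got " + f.length;
        BigInteger g, p;
        int size;
        try {
            size = Integer.parseInt(f[4]);   // decimal, bit length minus one (1023 for a 1024-bit prime)
            g = new BigInteger(f[5], 16);    // generator, hex
            p = new BigInteger(f[6], 16);    // modulus, hex
        } catch (NumberFormatException e) {
            return "malformed number field";
        }
        if (p.signum() <= 0 || p.bitLength() != size + 1) return "size field does not match modulus";
        if (!p.isProbablePrime(CERTAINTY)) return "modulus is not prime";
        // For odd p, p >> 1 equals (p-1)/2; a safe prime needs that value to be prime too.
        if (!p.shiftRight(1).isProbablePrime(CERTAINTY)) return "(p-1)/2 is not prime, so p is not a safe prime";
        if (g.compareTo(BigInteger.valueOf(2)) < 0 || g.compareTo(p.subtract(BigInteger.valueOf(2))) > 0)
            return "generator outside [2, p-2]";
        return null;
    }

    /** Searches for p = 2q + 1 with q and p both prime; slow at real sizes, hence done offline. */
    static BigInteger safePrime(int bits, SecureRandom rnd) {
        while (true) {
            BigInteger q = BigInteger.probablePrime(bits - 1, rnd);
            BigInteger p = q.shiftLeft(1).add(BigInteger.ONE);
            if (p.isProbablePrime(CERTAINTY)) return p;
        }
    }

    /** Formats a line with the constant leading fields used in the thread's sample. */
    static String line(BigInteger g, BigInteger p) {
        return "20140409160557 2 6 36 " + (p.bitLength() - 1) + " "
                + g.toString(16).toUpperCase() + " " + p.toString(16).toUpperCase();
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        int bits = 256; // demo size only (assumption); RFC 4419 asks for at least 1024 bits
        BigInteger g = BigInteger.valueOf(2);
        System.out.println("probablePrime only: " + reject(line(g, BigInteger.probablePrime(bits, rnd))));
        System.out.println("safe prime search:  " + reject(line(g, safePrime(bits, rnd))));
    }
}
```

A prime taken directly from `probablePrime` is rejected in the large majority of runs because (p-1)/2 is composite, which matches what ssh-keygen reported for the posted sample.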