----- Original Message -----
From: "Bruker, Ohad" <[EMAIL PROTECTED]>
> All the basic stuff you mentioned is implemented right.
> It is already *WORKING* on Linux and Windows platforms without any
problems.
> I encounter this problem probably because Solaris does not support random
> device !!!
> The manual seeding of the PRNG probably cause this problem (symmetric key
in
> both sides is not equal).
> Thanks, Ohad.
The PRNG has absolutely nothing to do with the negotiation. The PRNG is only
used when creating the keys and their parameters, after that no randomness
enters or leaves the system. The DH exchange is simply:
Pka, Pkb = public keys for A and B
Ska, Skb = private keys for A and B
P = a large prime
G = a generator for P (typically a small prime, 2 or 5 is common)
Ska, Skb = Random numbers
Pka = G^Ska mod P
Pkb = G^Skb mod P
the shared secret is
K1 = Pka^Skb mod P
K2 = pkb^Ska mod P
K1=K2
Because the public key can also be any random value, the PRNG is not an
issue (as long as it doesn't generate 0). If you're sure that modular
exponentiation is working and that the keys are being transferred correctly,
then it must work, regardless of the PRNG involved. That's why I was asking
those questions. If you can dissect the implementation and make sure that
each of these is performing properly, DH key exchange will work correctly.
Joe
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
