Actually, the information that *both* p and (p-1)/2 were checked for being prime is useful and should be cited in the spec.
On Fri, Jul 18, 2008 at 11:05 AM, Martin Atkins <[EMAIL PROTECTED]> wrote: > Dwayne C. Litzenberger wrote: >> http://openid.net/specs/openid-authentication-2_0.html#pvalue states: >> >> Appendix B. Diffie-Hellman Key Exchange Default Value >> >> This is a confirmed-prime number, used as the default modulus for >> Diffie-Hellman Key Exchange. In hexadecimal: >> >> DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61E >> F75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D268370557 >> 7D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E382 >> 6634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB >> >> Where did this number come from? A quick Google search reveals nothing >> particularly enlightening. >> >> When specifying constants for cryptographic protocols, it is customary >> to explain how the constant was arrived at so that people can be assured >> that they were not specially chosen to (for example) act as a backdoor. >> See: >> >> http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number >> http://en.wikipedia.org/wiki/Dual_EC_DRBG >> >> Ideally, this information should accompany the modulus in the OpenID >> spec itself. >> > > Paul Crowley originally pulled a number out of /etc/ssh/moduli on his > machine and checked it for prime-ness: > > http://lists.danga.com/pipermail/yadis/2005-June/000718.html > > I've not checked to see if this is the same number (too lazy to convert > huge hex to decimal) but even if it isn't I'd guess the number was > probably found in a similar way. > > Unfortunately, "I just picked this out of a file on my computer" isn't a > great thing to cite in a specification. > > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > -- --Breno +1 (650) 214-1007 desk +1 (408) 212-0135 (Grand Central) MTV-41-3 : 383-A PST (GMT-8) / PDT(GMT-7) _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
