Re: Q: DH Parameter Generation and Confinement Attacks



ggr@xxxxxxxxxxxxx (Greg Rose) writes:

FIPS ummm... 186-2 has a procedure for this too. Basically, take a
seed and hash it with SHA-1.
[...]

For extra joy, FIPS 186--3 has a slightly different procedure, which
uses SHA-256 and friends -- but lets you generate keys with larger
subgroups, so there is a point.

I have code that will do it, which I will make available if there is
enough interest. (I have to jump through export control/legal hoops
these days, so I won't do it unless people care. It uses libtomcrypt.)

I also have code which will do the FIPS 186--2 version of the procedure.
(My crypto library is a bit behind the times nowadays; it's awaiting
some shiny new toys I need for a major overhaul, and they're waiting on
something else, so don't expect the --3 version for a while.)

-- [mdw]
.