Re: Q: DH Parameter Generation and Confinement Attacks

ggr@xxxxxxxxxxxxx (Greg Rose) writes:

FIPS ummm... 186-2 has a procedure for this too. Basically, take a
seed and hash it with SHA-1.

For extra joy, FIPS 186--3 has a slightly different procedure, which
uses SHA-256 and friends -- but lets you generate keys with larger
subgroups, so there is a point.

I have code that will do it, which I will make available if there is
enough interest. (I have to jump through export control/legal hoops
these days, so I won't do it unless people care. It uses libtomcrypt.)

I also have code which will do the FIPS 186--2 version of the procedure.
(My crypto library is a bit behind the times nowadays; it's awaiting
some shiny new toys I need for a major overhaul, and they're waiting on
something else, so don't expect the --3 version for a while.)

-- [mdw]

Relevant Pages

  • Re: Does shuffle() produce uniform result ?
    ... However, due to advances in technology, NIST plans to phase out of ... SHA-1 in favor of the larger and stronger hash functions (SHA-224, ... SHA-1 and the stronger hash functions in FIPS ...
  • Crptography and FIPS
    ... Digital Signature - FIPS 186-2 ... Hash Algorithm 0 FIPS 180-1 certified (SHA-1) ...
  • Re: Outrageous claims on cash collision exploits???
    ... > cryptography to prevent key compromise. ... > if they will eventually need to replace SHA-1 with something stronger. ... See FIPS 180-2. ...