| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Replacing the EDH SKIP primes |
| Date: | 2019-07-02 07:49:12 |
| Message-ID: | 20190702074912.GJ1388@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jul 02, 2019 at 08:14:25AM +0100, Peter Eisentraut wrote:
> It appears that we have consensus to go ahead with this.
Yeah, I was planning to look at that one next. Or perhaps you would
like to take care of it, Peter?
> <paranoia>
> I was wondering whether the provided binary blob contained any checksums
> or other internal checks. How would we know whether it contains
> transposed characters or replaces a 1 by a I or a l? If I just randomly
> edit the blob, the ssl tests still pass. (The relevant load_dh_buffer()
> call does get called by the tests.) How can we make sure we actually
> got a good copy?
> </paranoia>
PEM_read_bio_DHparams() has some checks on the Diffie-Hellman key, but
it is up to the caller to make sure that it is normally providing a
prime number in this case to make the cracking harder, no? RFC 3526
has a small formula in this case, which we can use to double-check the
patch.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2019-07-02 07:56:03 | Re: Refactoring base64 encoding and decoding into a safer interface |
| Previous Message | Oleksandr Shulgin | 2019-07-02 07:35:18 | Re: POC: converting Lists into arrays |