[security] Diffie-Hellman parameter validation
Johnny Bufu
johnny at sxip.com
Tue Mar 27 07:55:45 UTC 2007
Jason Fritcher pointed out in a thread on the openid4java list that
there may be a security issue with the way the DH session is
established:
> I've been thinking about how the RP can supply DH parameters to the
> OP, and was wondering if any discussion has occurred about whether to
> include language in the spec about how OPs should do validation of the
> DH params that get sent to them. A few quick checks of the modulus
> like primality checking and possibly enforcing the use of safe primes.
> It might also be good to check the supplied generator to make sure it
> is valid for the supplied modulus. I'm no where close to being being a
> crypto guru, but I wrote a Secure Remote Password implementation and
> after the research I did for that, not checking the DH params in the
> OP seems like a weakness. I might just be overly paranoid here and
> OpenID really doesn't need that level of security, but I thought I'd
> ask.
<http://groups.google.com/group/openid4java/browse_thread/thread/
f96a7b68bb15272d/c9f0f1a85e3372cc#c9f0f1a85e3372cc>
I am not a security expert either, but this seems a valid point to
me. Can someone with deeper crypto knowledge please confirm / infirm?
I think we should either mention that the OP SHUOLD perform such
validation, or at least mention the possible eavesdropping attack in
the security considerations section.
Thanks,
Johnny
More information about the security
mailing list