Origin of default prime in Diffie Hellman

Steven J. Murdoch yadis+Steven.Murdoch at cl.cam.ac.uk
Tue Sep 27 10:26:02 PDT 2005

I have been reading the OpenID specification and in particular looking
at the cryptography in use. I have a couple of questions, but I think
it would be easier to put these in separate messages.

My first question is where did the default value of p came from? There
are attacks on Diffie Hellman when p-1 has small factors, or has other
obscure properties, so normally implementations use a "safe prime"[1]
which avoids these problems. For example the Oakley primes in Appendix
E of RFC2412. Is p a standard prime, or was it specially generated? If
so, how was this done?

Thanks in advance,
Steven Murdoch.

[1] http://en.wikipedia.org/wiki/Safe_prime for a quick summary and
see Chapter 12 of "Practical Cryptography" by Niels Ferguson and Bruce
Schneier for more details.

w: http://www.cl.cam.ac.uk/users/sjm217/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/yadis/attachments/20050927/358b38a2/attachment.pgp

More information about the yadis mailing list