Origin of default prime in Diffie Hellman

Brad Fitzpatrick brad at danga.com
Tue Sep 27 10:27:20 PDT 2005

Paul picked it from one of the OpenSSH primes from /etc/moduli.

- Brad

On Tue, 27 Sep 2005, Steven J. Murdoch wrote:

> I have been reading the OpenID specification and in particular looking
> at the cryptography in use. I have a couple of questions, but I think
> it would be easier to put these in separate messages.
> My first question is where did the default value of p came from? There
> are attacks on Diffie Hellman when p-1 has small factors, or has other
> obscure properties, so normally implementations use a "safe prime"[1]
> which avoids these problems. For example the Oakley primes in Appendix
> E of RFC2412. Is p a standard prime, or was it specially generated? If
> so, how was this done?
> Thanks in advance,
> Steven Murdoch.
> [1] http://en.wikipedia.org/wiki/Safe_prime for a quick summary and
> see Chapter 12 of "Practical Cryptography" by Niels Ferguson and Bruce
> Schneier for more details.
> --
> w: http://www.cl.cam.ac.uk/users/sjm217/

More information about the yadis mailing list