Score:0

Mapping DH / DHE p & g params to a group


I'm writing a small program that performs a simple SSL/TLS analysis, and I'm stuck on determining the size of the key exchange in the case of DH / DHE.

If I take the following example (Wireshark capture):

p Length: 128
p: acb31[...]
g Length: 1
g: 02
Pubkey Length: 128
Pubkey: 1935[...]

I just thought I could get the necessary information from G, based on this article.

But that doesn't seem to be the case, because for another configuration I get:

p Length: 256
p: a4d37[...]
g Length: 1
g: 02
Pubkey Length: 256
Pubkey: 4671[...]

The value of G is always 2, so the exchange key should be 1024, except that my exchange key is 2048 for this case.

How can I determine the size of my exchange key via these settings? Can I just do p*8?
Thanks for the help.

dave_thompson_085
The article you link is about DH in IPsec/IKE which uses standardized groups. TLS 1.2 and below (which you obviously have) can use any server-defined group, and many servers have created their own group (because lots of uninformed websites have recommended that, voodoo-like). For what is now retronymed FFDH (aka classic, integer, modp) TLS 1.2 can use, and TLS 1.3 always uses, standardized groups in a way similar to IKE but not exactly the same; see RFC 7919.
Score:0

In these cases the system is determined by the prime $p$ (you can check that the values 0xabc31... and 0xa4d37... are prime if you wish). The size of the prime in bytes can be read from the p Length so that in bits it is 8 times this value (assuming that the most significant bit is set).

The public key is then $2^r \bmod p$ for some secret random number $r$ when $g=2$ as is the case. This public key can be anywhere in the range $[1,p-1]$, but is very likely to be the same length in bytes as $p$. It is possible that smaller public keys will be produced, and the packet formatting may or may not pad this out to the same length as $p$.
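
The size calculation described in the answer above, as an added example that is not part of the original answer: it parses the three length-prefixed fields of a TLS 1.2 `ServerDHParams` structure and reports the group size as the bit length of $p$ rather than the byte count times 8. The function names and both sample byte strings are constructed for illustration.

```python
import struct

def read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1>: 2-byte big-endian length, then the data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[off + 2:end], end

def dh_params_info(params):
    """Parse dh_p, dh_g, dh_Ys (TLS <= 1.2 ServerDHParams) and report sizes."""
    p_raw, off = read_vec16(params, 0)
    g_raw, off = read_vec16(params, off)
    ys_raw, off = read_vec16(params, off)
    p = int.from_bytes(p_raw, "big")
    ys = int.from_bytes(ys_raw, "big")
    return {
        # Bit length of the integer: leading zero bytes or a clear top bit
        # are not counted, unlike len(p) * 8.
        "p_bits": p.bit_length(),
        "p_wire_bits": len(p_raw) * 8,
        "g": int.from_bytes(g_raw, "big"),
        # The public value may be shorter than p on the wire.
        "ys_len": len(ys_raw),
        "ys_in_range": 1 < ys < p - 1,
    }

def vec(data):
    """Encode bytes as a 2-byte-length-prefixed vector (builds the samples)."""
    return struct.pack("!H", len(data)) + data

# Constructed samples (not from a real capture; p is not checked for primality).
# A: 128-byte p with the most significant bit set, g = 2, full-length public value.
SAMPLE_A = vec(b"\xac" + b"\x00" * 126 + b"\x01") + vec(b"\x02") + vec(b"\x19" + b"\x35" * 127)
# B: 256-byte p field with a leading zero byte, and a public value shorter than p.
SAMPLE_B = vec(b"\x00\x7f" + b"\xff" * 254) + vec(b"\x02") + vec(b"\x46\x71" * 100)

if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, dh_params_info(sample))
```

Sample B shows why the "most significant bit is set" assumption matters: the field is 256 bytes on the wire, but the integer is only 2039 bits long.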
