stribika / stribika.github.io


Moduli Generation #35

Closed LukeMauldin closed 9 years ago

LukeMauldin commented 9 years ago

Followed steps to do a clean generation of moduli. I followed the steps:

ssh-keygen -G "${HOME}/moduli" -b 4096
ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
rm "${HOME}/moduli"

However, if I execute awk '$5 < 2000' /etc/ssh/moduli I get multiple rows. Should there be another command to strip out all of the lines in that file that are less than 2000?

stribika commented 9 years ago

> Followed steps to do a clean generation of moduli. I followed the steps:
>
> ssh-keygen -G "${HOME}/moduli" -b 4096
> ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
> rm "${HOME}/moduli"
>
> However, if I execute awk '$5 < 2000' /etc/ssh/moduli I get multiple rows.

That should not happen. Are you sure /etc/ssh/moduli was successfully overwritten by ssh-keygen -T? The file modification time can help determine this, if you don't want to start over.

Are there small primes in the temporary file generated by ssh-keygen -G? That should only generate 4096 primes.

> Should there be another command to strip out all of the lines in that file that are less than 2000?

There is, but you should not need it if you just generated 4096 bit primes.

LukeMauldin commented 9 years ago

For reference, I followed the commands again and you can see the output below. As you can see, there are still lines with less than 2000 in the generated output.

lmauldindev ➜  ~  ssh-keygen -G "${HOME}/moduli" -b 4096
Fri May 29 10:04:42 2015 Sieve next 268304384 plus 4095-bit
Fri May 29 10:10:09 2015 Sieved with 203277289 small primes in 327 seconds
Fri May 29 10:10:15 2015 Found 221946 candidates
lmauldindev ➜  ~  ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
Couldn't open moduli file "/etc/ssh/moduli": Permission denied
lmauldindev ➜  ~  sudo ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
[sudo] password for lmauldin:
Fri May 29 10:35:32 2015 processed 14802 of 221946 (6%) in 0:05, ETA 1:09
Fri May 29 10:40:32 2015 processed 29863 of 221946 (13%) in 0:10, ETA 1:04
Fri May 29 10:45:32 2015 processed 44164 of 221946 (19%) in 0:15, ETA 1:00
Fri May 29 10:50:32 2015 processed 58427 of 221946 (26%) in 0:20, ETA 0:55
Fri May 29 10:55:32 2015 processed 73337 of 221946 (33%) in 0:25, ETA 0:50
Fri May 29 11:00:32 2015 processed 87579 of 221946 (39%) in 0:30, ETA 0:46
Fri May 29 11:05:32 2015 processed 102083 of 221946 (45%) in 0:35, ETA 0:41
Fri May 29 11:10:32 2015 processed 117542 of 221946 (52%) in 0:40, ETA 0:35
Fri May 29 11:15:32 2015 processed 132452 of 221946 (59%) in 0:45, ETA 0:30
Fri May 29 11:20:32 2015 processed 147177 of 221946 (66%) in 0:50, ETA 0:25
Fri May 29 11:25:32 2015 processed 162709 of 221946 (73%) in 0:55, ETA 0:20
Fri May 29 11:30:32 2015 processed 177796 of 221946 (80%) in 1:00, ETA 0:14
Fri May 29 11:35:32 2015 processed 193148 of 221946 (87%) in 1:05, ETA 0:09
Fri May 29 11:40:32 2015 processed 208422 of 221946 (93%) in 1:10, ETA 0:04
Fri May 29 11:44:59 2015 Found 33 safe primes of 185053 candidates in 4466 seconds
lmauldindev ➜  ~  awk '$5 > 2000' /etc/ssh/moduli | wc -l
236

stribika commented 9 years ago

> lmauldindev ➜  ~  ssh-keygen -G "${HOME}/moduli" -b 4096
> Fri May 29 10:04:42 2015 Sieve next 268304384 plus 4095-bit
> Fri May 29 10:10:09 2015 Sieved with 203277289 small primes in 327 seconds
> Fri May 29 10:10:15 2015 Found 221946 candidates
> lmauldindev ➜  ~  ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
> Couldn't open moduli file "/etc/ssh/moduli": Permission denied

^^ Well, there's your problem.

> lmauldindev ➜  ~  sudo ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
> [sudo] password for lmauldin:
> Fri May 29 10:35:32 2015 processed 14802 of 221946 (6%) in 0:05, ETA 1:09
> Fri May 29 10:40:32 2015 processed 29863 of 221946 (13%) in 0:10, ETA 1:04
> Fri May 29 10:45:32 2015 processed 44164 of 221946 (19%) in 0:15, ETA 1:00
> Fri May 29 10:50:32 2015 processed 58427 of 221946 (26%) in 0:20, ETA 0:55
> Fri May 29 10:55:32 2015 processed 73337 of 221946 (33%) in 0:25, ETA 0:50
> Fri May 29 11:00:32 2015 processed 87579 of 221946 (39%) in 0:30, ETA 0:46
> Fri May 29 11:05:32 2015 processed 102083 of 221946 (45%) in 0:35, ETA 0:41
> Fri May 29 11:10:32 2015 processed 117542 of 221946 (52%) in 0:40, ETA 0:35
> Fri May 29 11:15:32 2015 processed 132452 of 221946 (59%) in 0:45, ETA 0:30
> Fri May 29 11:20:32 2015 processed 147177 of 221946 (66%) in 0:50, ETA 0:25
> Fri May 29 11:25:32 2015 processed 162709 of 221946 (73%) in 0:55, ETA 0:20
> Fri May 29 11:30:32 2015 processed 177796 of 221946 (80%) in 1:00, ETA 0:14
> Fri May 29 11:35:32 2015 processed 193148 of 221946 (87%) in 1:05, ETA 0:09
> Fri May 29 11:40:32 2015 processed 208422 of 221946 (93%) in 1:10, ETA 0:04
> Fri May 29 11:44:59 2015 Found 33 safe primes of 185053 candidates in 4466 seconds
> lmauldindev ➜  ~  awk '$5 > 2000' /etc/ssh/moduli | wc -l
> 236

stribika commented 9 years ago

2015-05-29 20:16 GMT+02:00 LukeMauldin notifications@github.com:

> For reference, I followed the commands again and you can see the output below. As you can see, there are still lines with less than 2000 in the generated output.
>
> lmauldindev ➜  ~  ssh-keygen -G "${HOME}/moduli" -b 4096
> Fri May 29 10:04:42 2015 Sieve next 268304384 plus 4095-bit
> Fri May 29 10:10:09 2015 Sieved with 203277289 small primes in 327 seconds
> Fri May 29 10:10:15 2015 Found 221946 candidates
> lmauldindev ➜  ~  ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
> Couldn't open moduli file "/etc/ssh/moduli": Permission denied
> lmauldindev ➜  ~  sudo ssh-keygen -T /etc/ssh/moduli -f "${HOME}/moduli"
> [sudo] password for lmauldin:
> Fri May 29 10:35:32 2015 processed 14802 of 221946 (6%) in 0:05, ETA 1:09
> Fri May 29 10:40:32 2015 processed 29863 of 221946 (13%) in 0:10, ETA 1:04
> Fri May 29 10:45:32 2015 processed 44164 of 221946 (19%) in 0:15, ETA 1:00
> Fri May 29 10:50:32 2015 processed 58427 of 221946 (26%) in 0:20, ETA 0:55
> Fri May 29 10:55:32 2015 processed 73337 of 221946 (33%) in 0:25, ETA 0:50
> Fri May 29 11:00:32 2015 processed 87579 of 221946 (39%) in 0:30, ETA 0:46
> Fri May 29 11:05:32 2015 processed 102083 of 221946 (45%) in 0:35, ETA 0:41
> Fri May 29 11:10:32 2015 processed 117542 of 221946 (52%) in 0:40, ETA 0:35
> Fri May 29 11:15:32 2015 processed 132452 of 221946 (59%) in 0:45, ETA 0:30
> Fri May 29 11:20:32 2015 processed 147177 of 221946 (66%) in 0:50, ETA 0:25
> Fri May 29 11:25:32 2015 processed 162709 of 221946 (73%) in 0:55, ETA 0:20
> Fri May 29 11:30:32 2015 processed 177796 of 221946 (80%) in 1:00, ETA 0:14
> Fri May 29 11:35:32 2015 processed 193148 of 221946 (87%) in 1:05, ETA 0:09
> Fri May 29 11:40:32 2015 processed 208422 of 221946 (93%) in 1:10, ETA 0:04
> Fri May 29 11:44:59 2015 Found 33 safe primes of 185053 candidates in 4466 seconds
> lmauldindev ➜  ~  awk '$5 > 2000' /etc/ssh/moduli | wc -l

^^ OK, this is counting the good lines. Now I'm lost

> 236

LukeMauldin commented 9 years ago

I corrected the Permission denied issue by running the command with sudo which you can see in the text above. I accidentally used the wrong comparison in the awk command above. I have fixed it and you can see from the text below that there are 86 lines < 2000:

lmauldindev ➜  ~  awk '$5 < 2000' /etc/ssh/moduli | wc -l
86

stribika commented 9 years ago

Got it, ssh-keygen is appending to the output file.

if (do_screen_candidates) {
    FILE *in; 
    FILE *out = fopen(out_file, "a");
    …
}

I will correct the instructions to account for this.
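
An added example, not part of the original thread or the project's instructions: since ssh-keygen -T opens its output file in append mode, entries that were already in the file survive a regeneration. The shell functions below count entries whose size field ($5) falls under a threshold and rewrite the file without them through a temporary file and rename. The function names and the sample entries (with placeholder moduli) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and filter a moduli file by its size field ($5).

# count_below FILE MIN: entries (non-comment, 7 fields) with size < MIN
count_below() {
    awk -v min="$2" '!/^#/ && NF >= 7 && $5 < min { n++ } END { print n + 0 }' "$1"
}

# count_at_least FILE MIN: entries with size >= MIN
count_at_least() {
    awk -v min="$2" '!/^#/ && NF >= 7 && $5 >= min { n++ } END { print n + 0 }' "$1"
}

# filter_moduli SRC DST MIN: keep comments and entries with size >= MIN.
# Returns 2 and leaves DST untouched if no entry would remain.
filter_moduli() {
    src=$1 dst=$2 min=$3
    [ "$(count_at_least "$src" "$min")" -gt 0 ] || return 2
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    if ! awk -v min="$min" '/^#/ || (NF >= 7 && $5 >= min)' "$src" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # mktemp creates the file 0600; restore a world-readable mode, then rename
    chmod 644 "$tmp" && mv "$tmp" "$dst"
}

# make_sample FILE: constructed file imitating old small entries followed by
# appended 4095-bit ones (moduli are placeholders, not real primes)
make_sample() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20120821044040 2 6 100 1023 2 CONSTRUCTED00A1
20120821045830 2 6 100 1535 5 CONSTRUCTED00B2
20150529103532 2 6 100 4095 2 CONSTRUCTED00C3
20150529114459 2 6 100 4095 5 CONSTRUCTED00D4
EOF
}

# Demo in a scratch directory; /etc/ssh/moduli is never touched.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/moduli"
echo "below 2000 before: $(count_below "$demo_dir/moduli" 2000)"
filter_moduli "$demo_dir/moduli" "$demo_dir/moduli" 2000
echo "below 2000 after:  $(count_below "$demo_dir/moduli" 2000)"
rm -rf "$demo_dir"
```
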