Re: iSCSI: DH-CHAP and SRP groups

[Tom Wu <tom@arcot.com>]

Paul Koning wrote:
> I sent this earlier (April 10) as part of the note "DH-CHAP initial
> comments" but have seen no reaction, so let me try again...
> 
> Section 9 raises the open issue of chosing the D-H group(s), which is
> also open for SRP.  It seems to me the same solution can be applied to
> both, which is to adopt the groups already adopted (and verified to
> have the right mathematical properties) for IKE.  In particular,
> "Group 1" would serve, and, if people insist on a bigger one, "Group
> 2".  I don't see a strong reason to include any of the larger groups
> which have been proposed in the context of IKE and AES.

SRP requires that the generator be a primitive root modulo the safe 
prime.  You can re-use IKE moduli, provided they are verified as safe 
primes, and choose primitive generators for "g".

> This could be done by removing the N and g keys from SRP and DHCHAP,
> and replacing them by a single "group ID" key whose value is that of
> the group ID taken from RFC 2409.
> 
> Is there any reason why the D-H groups used in IKE would not also be
> suitable for DH-CHAP?  For SRP?
> 
> 	 paul
> 

Tom

-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg?  Sounds Swedish..."