Antwort: Re: Two questions regarding Diffie-Hellman key exchange

oliver.hanka at oliver.hanka at
Mon Sep 17 16:09:44 WST 2007

Thank you very much! Exactly what I was looking for.

Hav a nice day.

Matt Johnston <matt at> 
14.09.2007 17:21

oliver.hanka at
dropbear at
Re: Two questions regarding Diffie-Hellman key exchange

On Fri, Sep 14, 2007 at 05:11:46PM +0200, oliver.hanka at wrote:
> Hello,
> I am currently working on my master-thesis, which involves implementing 
> the SSH protocol on a smart-card. Therefore I am using dropbear as a non 

> cpu and memory intensiv blueprint.
> I am currently stucked with two questions regarding the Diffie-Hellman 
> exchange (SSH_MSG_KEXDH_INIT message). First of all, can you point me to 
> document where the prime number p (128Byte) is defined? Unfortunatly the 

> RFC 4253 (SSH Transport Layer) doesn't give a hint.

Take a look at section 6.2 of RFC 2409. The naming is a bit
of a shambles - I'm not sure why diffie-hellman-group1-sha1
actually refers to "Second Oakley Group".

> The next question I am puzzled with: How come the result (e) of the 
> side 'e = g^x mod p' calculation is a 133 Byte value? At least, that's 
> what it looks like when I sniff the packet with wireshark (formaly 
> ethereal). From my understanding, a modulo calculation with a 128 byte 
> value should produce a result equal or less than 128 byte. Am I wrong?
> Are there additional bytes added to e, which the RFC 4253 doesn't 
>  (the message is described in section 8, RFC 4252, jan 2006)

Have a look at section 5, rfc4251. mpints have a 4 byte
lengthh, then may be padded by a byte if their most
significant bit is set.


-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Dropbear mailing list