# PSK Generator

In my line of work, I sometimes have to rely on Pre-Shared Keys. Be it for VPN configuration, sending crypted archives or changing a customer password, there are times when actually sharing the PSK can be a pain.

Of course, anyone who’s been confronted to that know the basics of sending a own-side genereted key to a peer, like sending the secret in multiple parts on different channels, but it’s still a bit tedious and quite frankly unfulfulling.

Fortunately, protocols to create a shared secret over an insecure channel exist. Unfortunately, I was not able to find an implementation that met all my needs :

- Should be open source (of course)
- Should run completely offline
- Requires little or no software installation
- (Optional) Ready to use, uncompiled code (don’t felt like compiling it myself)

So I took some time in developping my very own tool that you can now find in the links section of the blog and here : **https://passwords.globadis.com**

This is an implementation of the Diffie-Hellman key exchange, that allows for two peers to define a common secret using only an insecure channel that can be eavesdropped. It’s using javascript only, in a static HTML page with no 3rd-party calls, which can be safely downloaded and ran off the local computer. Don’t trust me : do download it and run it offline.

Implementing DHKEP in full javascript led me to two problems :

- It requires to compute huge exponents efficiently but we only need their modulo
- I needed to get my hands on a huge prime number and find a primitive root modulo p

First problem was actually easily resolved, as tons of people already worked on this and I took a ModPow function which does exactly what I need : Compute n^{s} mod p
without the need to actually compute n^{s} first.

Second was a bit tighter for me, as I had only remote knowledge of the arcanes of applied mathematics. I first tried to get a huge prime number and check if a given root *r* is a primitive root modulo *p*,
but my efforts were quickly thrown off by the absurd computing power needed to test this when *p* is over 10^{100}, as it requires factorization of *p*.
After some research, I read about Sophie Germain and Safe prime numbers.
I’m not going into details, but for *r* to be a primitive root of *p*, we need to test every factors of *p-1*. If we take *p* as a Safe Number, then *p-1* is prime so we don’t have much to test.

As computing the Safe number offline was not going to be an issue, I took the first Titanc (over 1000 digits) Sophie Germain prime number
*sgprime* (10^{999} + 2222239) and its Safe prime (2x *sgprime* +1)

Let’s take our initial checklist to see if this generator meets all requirements :

- It is open source (you can find sources in my Github as well)
- It runs offline
- Requires no software installation
- Ready to use

You can now all enjoy generating shared secrets easily :)