Globadis works

NetSec, hacking and other stuff

PSK Generator

2020-08-20 Globadis

In my line of work, I sometimes have to rely on Pre-Shared Keys. Be it for VPN configuration, sending crypted archives or changing a customer password, there are times when actually sharing the PSK can be a pain.

Of course, anyone who’s been confronted to that know the basics of sending a own-side genereted key to a peer, like sending the secret in multiple parts on different channels, but it’s still a bit tedious and quite frankly unfulfulling.

Fortunately, protocols to create a shared secret over an insecure channel exist. Unfortunately, I was not able to find an implementation that met all my needs :

  • Should be open source (of course)
  • Should run completely offline
  • Requires little or no software installation
  • (Optional) Ready to use, uncompiled code (don’t felt like compiling it myself)

So I took some time in developping my very own tool that you can now find in the links section of the blog and here : https://passwords.globadis.com

This is an implementation of the Diffie-Hellman key exchange, that allows for two peers to define a common secret using only an insecure channel that can be eavesdropped. It’s using javascript only, in a static HTML page with no 3rd-party calls, which can be safely downloaded and ran off the local computer. Don’t trust me : do download it and run it offline.

Implementing DHKEP in full javascript led me to two problems :

  • It requires to compute huge exponents efficiently but we only need their modulo
  • I needed to get my hands on a huge prime number and find a primitive root modulo p

First problem was actually easily resolved, as tons of people already worked on this and I took a ModPow function which does exactly what I need : Compute ns mod p without the need to actually compute ns first.

Second was a bit tighter for me, as I had only remote knowledge of the arcanes of applied mathematics. I first tried to get a huge prime number and check if a given root r is a primitive root modulo p, but my efforts were quickly thrown off by the absurd computing power needed to test this when p is over 10100, as it requires factorization of p. After some research, I read about Sophie Germain and Safe prime numbers. I’m not going into details, but for r to be a primitive root of p, we need to test every factors of p-1. If we take p as a Safe Number, then p-1 is prime so we don’t have much to test.

As computing the Safe number offline was not going to be an issue, I took the first Titanc (over 1000 digits) Sophie Germain prime number sgprime (10999 + 2222239) and its Safe prime (2x sgprime +1)

Let’s take our initial checklist to see if this generator meets all requirements :

  • It is open source (you can find sources in my Github as well)
  • It runs offline
  • Requires no software installation
  • Ready to use

You can now all enjoy generating shared secrets easily :)