In my line of work, I sometimes have to rely on Pre-Shared Keys. Be it for VPN configuration, sending crypted archives or changing a customer password, there are times when actually sharing the PSK can be a pain.
Of course, anyone who’s been confronted to that know the basics of sending a own-side genereted key to a peer, like sending the secret in multiple parts on different channels, but it’s still a bit tedious and quite frankly unfulfulling.
Fortunately, protocols to create a shared secret over an insecure channel exist. Unfortunately, I was not able to find an implementation that met all my needs :
- Should be open source (of course)
- Should run completely offline
- Requires little or no software installation
- (Optional) Ready to use, uncompiled code (don’t felt like compiling it myself)
So I took some time in developping my very own tool that you can now find in the links section of the blog and here : https://passwords.globadis.com
- It requires to compute huge exponents efficiently but we only need their modulo
- I needed to get my hands on a huge prime number and find a primitive root modulo p
First problem was actually easily resolved, as tons of people already worked on this and I took a ModPow function which does exactly what I need : Compute ns mod p without the need to actually compute ns first.
Second was a bit tighter for me, as I had only remote knowledge of the arcanes of applied mathematics. I first tried to get a huge prime number and check if a given root r is a primitive root modulo p, but my efforts were quickly thrown off by the absurd computing power needed to test this when p is over 10100, as it requires factorization of p. After some research, I read about Sophie Germain and Safe prime numbers. I’m not going into details, but for r to be a primitive root of p, we need to test every factors of p-1. If we take p as a Safe Number, then p-1 is prime so we don’t have much to test.
As computing the Safe number offline was not going to be an issue, I took the first Titanc (over 1000 digits) Sophie Germain prime number sgprime (10999 + 2222239) and its Safe prime (2x sgprime +1)
Let’s take our initial checklist to see if this generator meets all requirements :
- It is open source (you can find sources in my Github as well)
- It runs offline
- Requires no software installation
- Ready to use
You can now all enjoy generating shared secrets easily :)