[Ach] Fwd: [cryptography] Diffie-Hellman Params Best Practice on Web Server?

ianG iang at iang.org
Mon Dec 9 16:08:19 CET 2013


some questions that might test the text...


-------- Original Message --------
Subject: [cryptography] Diffie-Hellman Params Best Practice on Web Server?
Date: Sun, 8 Dec 2013 20:23:19 -0500
From: Jeffrey Walton <noloader at gmail.com>
Reply-To: noloader at gmail.com
To: Cryptography List <cryptography at randombit.net>

Hi All,

Is there a best practice for Diffie-Hellman parameters (p, g, and q)
used on a web server?

The server is using ephemeral keys, but should the parameters be
rotated on a regular basis ? Is it OK for the server to keep them
fixed for years (in the source code)? Or should they be generated
uniquely for each site?

This server does not appear to be under NIST and FIPS, so I don't
believe they need to be fixed for compliance.

Jeff
_______________________________________________
cryptography mailing list
cryptography at randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography





More information about the Ach mailing list