[Ach] Fwd: [cryptography] Diffie-Hellman Params Best Practice on Web Server?
christian mock
cm at coretec.at
Tue Dec 10 17:36:33 CET 2013
On Mon, Dec 09, 2013 at 06:08:19PM +0300, ianG wrote:
> some questions that might test the text...
That question also came up on
<http://crypto.stackexchange.com/questions/12223/how-should-i-manage-diffie-hellman-parameters-on-a-web-server>,
and the (currently) only answer says

    When I am asked for recommendations for DH groups, I always send
    people to the IKE groups; those are all safe primes (and work well
    with g=2, not leaking even that one bit)

which may be solid advice to include in the paper, if anybody with
actual crypto knowledge can confirm that statement.
Also, since we discussed (WRT dovecot, I think) how often to regenerate
the DH parameters, the answer says:

    no, you shouldn't have to rotate the group parameters on a regular
    basis. It turns out that solving the problem "given these N DH
    exchanges over the same group, solve any one of them" is not
    actually any easier than "given this 1 DH exchange, find the shared
    secret". That is, if the group is weak when you reuse it for DH, you
    shouldn't be using that group in the first place.

Again, if that can be verified, that'll answer that question once and
for all.
The following paper may also be interesting:
http://crypto.cs.mcgill.ca/~stiglic/Papers/dhfull.pdf
cm.
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - So that something like this doesn't happen!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
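The two properties the quoted answer relies on ("safe prime" and "g=2 does not leak a bit") can be verified locally. The following is an added example, not code from the post or from the Stack Exchange answer: it runs Miller-Rabin on p and on q = (p-1)/2, then checks that g = 2 has order q (equivalently, for a safe prime, that p is 7 mod 8), so the Legendre symbol of a public value reveals nothing about the exponent's parity. The constant is assumed to be the 1024-bit IKE group 2 modulus from RFC 2409; the small test values in the comments are constructed.

```python
# Added example: verify that a DH modulus is a safe prime and that g = 2
# generates the order-q subgroup (no exponent parity leak). Not from the
# mailing-list post. Modulus assumed to be RFC 2409 group 2 (1024-bit MODP).
import random

IKE_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with fixed small bases plus `rounds` random bases."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for sp in small:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 = 2^r * d with d odd
        d //= 2
        r += 1
    rng = random.SystemRandom()
    bases = list(small) + [rng.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness: n is composite
    return True


def check_dh_group(p, g=2):
    """Return (p_is_safe_prime, g_has_order_q) for the group mod p."""
    q = (p - 1) // 2
    safe = p % 2 == 1 and is_probable_prime(p) and is_probable_prime(q)
    # In a safe-prime group an element != +-1 has order q or 2q; g^q = 1
    # means order q (g is a quadratic residue), so public values g^x do not
    # reveal the low bit of x. For g = 2 this holds exactly when p = 7 mod 8.
    order_q = safe and 1 < g < p - 1 and pow(g, q, p) == 1
    return safe, order_q
```

For the constructed small moduli, p = 23 passes both checks, p = 11 is a safe prime but 2 has order 10 there (parity leaks), and p = 13 is prime without being safe.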