[Ach] Fwd: [cryptography] Diffie-Hellman Params Best Practice on Web Server?

christian mock cm at coretec.at
Tue Dec 10 17:36:33 CET 2013


On Mon, Dec 09, 2013 at 06:08:19PM +0300, ianG wrote:
> some questions that might test the text...

That question also came up on
<http://crypto.stackexchange.com/questions/12223/how-should-i-manage-diffie-hellman-parameters-on-a-web-server>,
and the (currently) only answer says

  When I am asked for recommendations for DH groups, I always send
  people to the IKE groups; those are all safe primes (and work well
  with g=2, not leaking even that one bit)

which may be solid advice to include in the paper, if anybody with
actual crypto knowledge can confirm that statement.

Also, since we discussed (WRT dovecot, I think) how often to regenerate
the DH parameters, the answer says:

  no, you shouldn't have to rotate the group parameters on a regular
  basis. It turns out that solving the problem "given these N DH
  exchanges over the same group, solve any one of them" is not
  actually any easier than "given this 1 DH exchange, find the shared
  secret". That is, if the group is weak when you reuse it for DH, you
  shouldn't be using that group in the first place.

Again, if that can be verified, that'll answer that question once and
for all.

The following paper may also be interesting:

http://crypto.cs.mcgill.ca/~stiglic/Papers/dhfull.pdf

cm.

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z
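An added example (not from this mail or the Stack Exchange answer) that checks a DH group the way the quoted advice implies: p must be a safe prime and g must be a square mod p, so that g generates the order-q subgroup. The tiny safe prime p = 23 is a constructed value chosen so every exponent can be enumerated; parity_oracle() shows that a non-square generator such as 5 hands the low bit of every secret exponent to a passive observer, while g = 2 (a square, because 23 % 8 == 7, as for the IKE primes) reveals nothing.

```python
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; enough for a parameter sanity check."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """Safe prime: p = 2q + 1 with q prime, as the IKE/MODP groups are built."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def is_quadratic_residue(g, p):
    """Euler's criterion: g is a square mod p iff g^((p-1)/2) == 1 mod p."""
    return pow(g, (p - 1) // 2, p) == 1


def generator_is_safe(g, p):
    """g must generate the order-q subgroup, i.e. be a non-trivial square mod p.
    For g = 2 that holds exactly when p % 8 == 7, which is the case for the IKE primes."""
    return is_safe_prime(p) and 1 < g < p - 1 and is_quadratic_residue(g, p)


def parity_oracle(g, p):
    """Enumerate every secret x; a passive observer guesses "x is even" iff the
    public value g^x is a square mod p. Returns (correct guesses, total)."""
    correct = sum(is_quadratic_residue(pow(g, x, p), p) == (x % 2 == 0)
                  for x in range(1, p - 1))
    return correct, p - 2
```

With g = 5 the observer is right for all 21 exponents; with g = 2 it is right only for the 10 even ones, i.e. no better than guessing.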



