[Ach] [cryptography] Diffie-Hellman Params Best Practice on Web Server?

ianG iang at iang.org
Wed Dec 11 08:28:12 CET 2013

On 11/12/13 04:28 AM, Aaron Zauner wrote:
> I’ve talked privately to a couple of people and to people on the #crypto channel on freenode. I still cannot find a solid reason to generate your own DH params. All people I talk with agree unequivocally. Now there are standardised parameters/groups in RFCs, specs as well as implementations. These have been worked on and analyzed by cryptologists. I for my part strongly oppose recommending generation of custom parameters since you can do a lot more harm in messing with DH than, for example, with RSA (i.e. you can easily deploy something that is trivial to crack/circumvent). Until somebody provides solid information/research on why we should recommend custom generation of DH params we should stay away from the topic in our paper and leave it with RFC recommendations. I for my part chose only non-EC groups (>1500 bits) in my ASA configuration, that - of course - can be discussed.

I agree with that logic (I'm a cryptoplumber not a mathsmunger).


