[Ach] [cryptography] Diffie-Hellman Params Best Practice on Web Server?

Aaron Zauner azet at azet.org
Wed Dec 11 23:04:48 CET 2013

Hehe, at least you went with your own explaination. I looked it up and
Bruce does that way better than I could. :)

To simplify for people who don't want to go through Wikipedia reading up on
computations/arithmetic modulo prime and number theory (it's actually not
that bad as long as you find a good math text book with a chapter on number
theory in it): these parameters (groups and primes) are publicly known -
sent in plain at the beginning of the key exchange - and designed to be
publicly known. Pre-computation would not make much sense; since there are
different groups, and of course, many different primes to choose from. All
groups I'd feel comfortable to recommend are above 1536bits. i.e.
pre-computation is extremely unlikely. Whats-more - there are attacks on
some groups and subgroups that are outside of standard specifications or -
 for example - badly chosen at random [0] [1] [2].

Since I could not find a single source that recommends generation (and
regeneration) of DH parameters in a way that makes sense (i.e. describes
why that should be done - instead of just recommending it or configuring
services that do that) I'm convinced that we should stay with the
parameters as recommended by RFCs and implemented in various crypto


[0] http://www.ietf.org/rfc/rfc2785.txt
[1] http://en.wikipedia.org/wiki/Small_subgroup_confinement_attack
[2] http://crypto.stackexchange.com/a/10026

On Wed, Dec 11, 2013 at 10:50 PM, L. Aaron Kaplan <kaplan at cert.at> wrote:

> Damn, you beat me at answering Pepi's last mail :)
> On Dec 11, 2013, at 5:57 PM, Aaron Zauner <azet at azet.org> wrote:
> > Hi,
> >
> > The same holds true for RSA and factoring primes in general. If we go
> there we should consider telling people to turn away from modern technology
> (ted kaczynski manged that pretty well,.. oh. wait.).
> >
> (...)
> ---
> // L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
> // CERT Austria - http://www.cert.at/
> // Eine Initiative der nic.at GmbH - http://www.nic.at/
> // Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20131211/b7020868/attachment.html>

More information about the Ach mailing list