[Ach] DH theory section

Aaron Zauner azet at azet.org
Wed Dec 25 18:32:06 CET 2013


It states here that
Where configurable, we recommend using the Diffie Hellman groups defined for IKE, specifically groups 14-18 (2048–8192 bit MODP, [KK03]) and 19-21 (256–521 bit elliptic curve DH, [FS10]). These groups have been checked by many eyes and can be assumed to be secure.
Well. That is simply not true for the EC groups. See discussion on ECC.

Also: I’m not sure that we should provide DH parameters ourselves, since
	1) we need to maintain those
	2) we are not a proper authority to do so (at least in my opionion)
	3) they have to be perfect

I recommend to just write a paragraph on how to generate them and what’s important for that security-wise. Or just get rid of the statement.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131225/f8427d11/attachment.sig>

More information about the Ach mailing list