[Ach] DH theory section

christian mock cm at coretec.at
Wed Dec 25 19:03:41 CET 2013


On Wed, Dec 25, 2013 at 06:32:06PM +0100, Aaron Zauner wrote:

> Well. That is simply not true for the EC groups. See discussion on ECC.

I'm OK with removing them.

> Also: I’m not sure that we should provide DH parameters ourselves, since
> 	1) we need to maintain those
> 	2) we are not a proper authority to do so (at least in my opinion)
> 	3) they have to be perfect

Nope. See the DH discussion which resulted in "use the IPSEC groups";
so I whipped up those scripts to generate them from
the numbers in the RFCs (actually, only the MODP ones), see
tools/dhparams.

1) there is not much to maintain, unless a new RFC comes out with
additional groups

2) True, but there's no other source for those as PEM files that I
could find, so in the spirit of directly usable stuff I decided to
generate the PEM files (cf tools/dhparams) to be put on the web site.

3) They have to be as perfect as other stuff we recommend -- what if
someone finds a flaw in AES or RSA?

> I recommend just writing a paragraph on how to generate them and what's important for that security-wise. Or just get rid of the statement.

Again, see the discussion on the list: generating them ourselves seems
more risky than using those "peer reviewed" parameters.

cm.

-- 
Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - So that this kind of thing doesn't happen!

http://heise.de/-1260559

.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
