[Ach] DH theory section

christian mock cm at coretec.at
Wed Dec 25 19:03:41 CET 2013

On Wed, Dec 25, 2013 at 06:32:06PM +0100, Aaron Zauner wrote:

> Well. That is simply not true for the EC groups. See discussion on ECC.

I'm OK with removing them.

> Also: I’m not sure that we should provide DH parameters ourselves, since
> 	1) we need to maintain those
> 	2) we are not a proper authority to do so (at least in my opinion)
> 	3) they have to be perfect

Nope. See the DH discussion which resulted in "use the IPSEC groups";
so I whipped up those scripts to generate them from
the numbers in the RFCs (actually, only the MODP ones), see

1) there is not much to maintain, unless a new RFC comes out with
additional groups

2) True, but there's no other source for those as PEM files that I
could find, so in the spirit of directly usable stuff I decided to
generate the PEM files (cf tools/dhparams) to be put on the web site.

3) They have to be as perfect as other stuff we recommend -- what if
someone finds a flaw in AES or RSA?

> I recommend to just write a paragraph on how to generate them and what’s important for that security-wise. Or just get rid of the statement.

Again, see the discussion on the list; generating them oneself seems
more risky than using those "peer reviewed" parameters.


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - So that this sort of thing doesn't happen!
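The post mentions scripts that build PEM files from the numbers in the RFCs. The following is an added example of that approach, written for this page; it is not the tools/dhparams script from the Ach project. It rebuilds each RFC 3526 MODP prime from the formula the RFC gives for it, p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + k), checks that p is a safe prime with generator 2 of order (p-1)/2 before writing anything (so a mistyped constant is caught rather than shipped), and encodes the PKCS#3 DHParameter SEQUENCE as a "DH PARAMETERS" PEM. The per-group constants k are transcribed from RFC 3526; the output file names (modpNNNN.pem) are my choice.

```python
import base64
import random

# (bit length, additive constant k) per IKE group number, transcribed from RFC 3526.
# RFC 3526 uses generator 2 for all of these groups.
MODP_GROUPS = {
    5: (1536, 741804),
    14: (2048, 124476),
    15: (3072, 1690314),
    16: (4096, 240904),
    17: (6144, 929484),
    18: (8192, 4743158),
}
GENERATOR = 2

_rng = random.SystemRandom()


def _arctan_inv(x, one):
    # arctan(1/x) * one via the alternating Taylor series in integer arithmetic;
    # truncation error per term is < 1, which the guard bits in pi_floor absorb.
    power = one // x
    total = power
    x2 = x * x
    n, sign = 1, -1
    while True:
        power //= x2
        if power == 0:
            break
        total += sign * (power // (2 * n + 1))
        sign, n = -sign, n + 1
    return total


def pi_floor(shift, guard=64):
    # floor(2**shift * pi) using Machin's formula pi = 16 atan(1/5) - 4 atan(1/239).
    one = 1 << (shift + guard)
    pi_scaled = 16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one)
    return pi_scaled >> guard


def modp_prime(bits, k):
    # The RFC 3526 construction: top 64 bits and low 64 bits all ones, pi in between.
    return (1 << bits) - (1 << (bits - 64)) - 1 + (1 << 64) * (pi_floor(bits - 130) + k)


def is_probable_prime(n, rounds=16):
    # Miller-Rabin with random bases; enough to catch a wrong constant, not a proof.
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_dh_group(p, g):
    # p prime, q = (p-1)/2 prime, and g^q == 1 so g generates the order-q subgroup.
    q = (p - 1) // 2
    return is_probable_prime(p) and is_probable_prime(q) and pow(g, q, p) == 1


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_integer(v):
    # DER INTEGER for a non-negative int; a leading 0x00 keeps the sign bit clear.
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return b"\x02" + _der_len(len(b)) + b


def dh_params_der(p, g):
    # PKCS#3: DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }
    body = der_integer(p) + der_integer(g)
    return b"\x30" + _der_len(len(body)) + body


def dh_params_pem(p, g):
    b64 = base64.b64encode(dh_params_der(p, g)).decode("ascii")
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN DH PARAMETERS-----\n%s\n-----END DH PARAMETERS-----\n" % lines


if __name__ == "__main__":
    # Groups 17 and 18 take noticeably longer to check in pure Python; start with these.
    for group in (5, 14, 15, 16):
        bits, k = MODP_GROUPS[group]
        p = modp_prime(bits, k)
        assert is_safe_dh_group(p, GENERATOR), "group %d failed the safe-prime check" % group
        with open("modp%d.pem" % bits, "w") as f:  # file name is my choice
            f.write(dh_params_pem(p, GENERATOR))
```

To cross-check a generated file, run `openssl dhparam -in modp2048.pem -check -text -noout` and compare the printed hex with the value listed in RFC 3526 (it starts FFFFFFFF FFFFFFFF C90FDAA2 2168C234 and ends FFFFFFFF FFFFFFFF); the `-check` pass is OpenSSL's own safe-prime test on the same parameters.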


