[Ach] dhparam regeneration

A. Schulze sca at andreasschulze.de
Tue Nov 11 08:29:36 CET 2014


most documentation on DH parameter mention only how to *generate* them  
using openssl.

I like to know if
- it make sense at all to renew these dh parameter file from time to time
- and if so, which time span is reasonable.

I also learned these days that using the same DH parameter file on  
multiple hosts is not advised, too.

Could someone with more crypto-experience tell something about that?

Maybe bettercrypto.org ( Topic 3.7 "A note on Diffie Hellman Key  
Exchanges", Page 67 )
could be more detailed.


More information about the Ach mailing list