Diffie-Hellman 128 bit
Hagai Bar-El
info at hbarel.com
Thu Mar 20 07:56:33 EST 2003
At 13/03/03 23:48, you wrote:
>I am looking at attacks on Diffie-Hellman.
>
>The protocol implementation I'm looking at designed their diffie-hellman
>using 128 bit primes (generated each time, yet P-1/2 will be a prime, so no
>go on pohlig-hellman attack), so what attacks are there that I can look at
>to come up with either the logarithm x from (a=g^x mod p) or the session key
>that is
>calculated. A brute force wouldn't work, unless I know the starting range.
>Are there any realistic
>attacks on DH parameters of this size, or is theoretically based on
>financial computation attacks?
You can find good explanation for the rationale behind Diffie-Hellman
parameters as well as general precautions for implementation in a good
paper called "Security Issues in the Diffie-Hellman Key Agreement Protocol"
You can find it in: http://citeseer.nj.nec.com/483430.html
Regards,
Hagai.
Hagai Bar-El - Information Security Analyst
Tel.: 972-8-9354152 Fax.: 972-8-9354152
E-mail: info at hbarel.com Web: www.hbarel.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list