[Cryptography] Fwd: freedom-to-tinker.com: How is NSA breaking so much crypto?

John-Mark Gurney jmg at funkthat.com
Fri Oct 16 18:35:07 EDT 2015


Ray Dillinger wrote this message on Fri, Oct 16, 2015 at 13:39 -0700:
> Isn't the appropriate fix making sure that different numbers get used
> each time DH is performed?  And won't that be the appropriate thing to
> do regardless of the key length being used?

Please go run openssl dhparam 1024 (or for more fun, 2048), and tell
me if doing that on every connection, https session, etc, is doable?

For everyone else, it's about a second, but can take >5 seconds to
generate a 1024 bit dh parameter...  2048 can take >47 second and this
is on a 2.5GHz Core i7...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the cryptography mailing list