[Cryptography] DH non-prime kills "socat" command security

Benjamin Kreuter brk7bx at virginia.edu
Mon Feb 8 22:03:36 EST 2016


On Thu, 2016-02-04 at 18:30 -0800, Henry Baker wrote:
> There is an outstanding problem: if we all use the same primes, large
> nation-states can build log (rainbow-like) tables for these primes;
> if we use different primes, we then have to prove to our
> correspondent that the "prime" we propose is really
> prime.  Generating such primes and generating such easily-checkable
> proofs appears to take too much time for normal HTTPS ecommerce.

Also note that allowing people to generate their own parameters adds
complexity to protocols that are already notoriously difficult to get
right, and to their implementations which are also notoriously
difficult to get right.  IMO it is better to choose common parameters
large enough to resist nation-state attacks, and for everyone to use
those parameters.

-- Ben
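The check Henry Baker describes, that a correspondent's proposed "prime" really is a (safe) prime and that the generator is sane, is what a receiver of non-standard DH parameters has to do before using them, and it is the check whose absence the subject line refers to. The following is an added example, not code from the thread or from socat: a Python validator built on Miller-Rabin that rejects a composite p, a prime p whose (p-1)/2 is composite, a too-short p, a degenerate generator, and a degenerate peer public value. The function names (`is_probable_prime`, `validate_dh_group`, `validate_peer_public`) and the small constructed groups used in `main` (p = 23 and p = 47) are illustrative choices of mine, and the default 2048-bit floor is my reading of "large enough to resist nation-state attacks".

```python
import secrets

# Miller-Rabin bases that decide primality exactly for every n < 3.3e24
# (about 81 bits). Above that size we add random bases as well.
_FIXED_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, extra_rounds=32):
    """Miller-Rabin primality test (deterministic for n < 2**81)."""
    if n < 2:
        return False
    for b in _FIXED_BASES:
        if n == b:
            return True
        if n % b == 0:
            return False
    # Write n - 1 as 2**r * d with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1

    def is_witness(a):  # True means 'a' proves n composite
        x = pow(a, d, n)
        if x in (1, n - 1):
            return False
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                return False
        return True

    bases = list(_FIXED_BASES)
    if n.bit_length() > 81:
        bases += [secrets.randbelow(n - 3) + 2 for _ in range(extra_rounds)]
    return not any(is_witness(a) for a in bases)


def validate_dh_group(p, g, min_bits=2048):
    """Accept (p, g) only if p is a safe prime of at least min_bits bits and
    g generates either the order-q subgroup or the full order-2q group.
    Returns (ok, reason)."""
    if p.bit_length() < min_bits:
        return False, f"p is only {p.bit_length()} bits, need at least {min_bits}"
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "p is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "p is prime but not a safe prime ((p-1)/2 is composite)"
    if not 1 < g < p - 1:
        return False, "g is outside (1, p-1)"  # rules out g = 1 and g = p-1 (order 2)
    gq = pow(g, q, p)
    if gq == 1:
        return True, "ok: g generates the order-q subgroup"
    if gq == p - 1:
        return True, "ok: g generates the full order-2q group"
    return False, "g has unexpected order"  # unreachable for a safe prime; kept as a guard


def validate_peer_public(y, p, expect_order_q):
    """Reject degenerate peer values (0, 1, p-1) and, when the group uses an
    order-q generator, any value outside the order-q subgroup."""
    if not 1 < y < p - 1:
        return False
    if expect_order_q and pow(y, (p - 1) // 2, p) != 1:
        return False
    return True


if __name__ == "__main__":
    # Constructed toy groups, far too small for real use; min_bits is
    # lowered only so the other checks are exercised.
    for p, g in ((23, 5), (23, 2), (47, 2), (25, 2), (13, 2), (23, 22)):
        print(p, g, validate_dh_group(p, g, min_bits=4))
    print("default size floor:", validate_dh_group(23, 2))
    print("peer 22 mod 23:", validate_peer_public(22, 23, False))
    print("peer 5 in order-q group mod 23:", validate_peer_public(5, 23, True))
```

With p = 23 the generator 5 is a primitive root (5^11 = 22 mod 23), so it is reported as order-2q, while 2 lands in the order-11 subgroup (2^11 = 2048 = 1 mod 23); 25 fails as composite, and 13 fails because (13-1)/2 = 6 is composite even though 13 itself is prime. Note that the primality test is probabilistic for large p, which is exactly the cost Henry Baker's message refers to: a peer can check a safe prime this way in milliseconds, but it cannot hand the checker a certificate that makes the test unnecessary.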

