[Cryptography] Defending against weak/trapdoored keys

Jan Dušátko jan at dusatko.org
Thu Oct 13 08:51:57 EDT 2016


On 13.10.2016 at 14:37, Henry Baker wrote:
> At 11:18 PM 10/12/2016, David Johnston wrote:
>> On 10/12/16 11:55 AM, Henry Baker wrote:
>>> Here's my (hopefully non-lame) attempt to fix DH to defend against weak and/or trapdoored primes/ECC-groups.
>> ...
>>
>> Use the hash output to seed a CSPRNG that services a prime search algorithm.
>>
>> Use the prime that is found.
>>
>> ...
> I'm not at all convinced that random "secure" primes/ECCgroups can be quickly & efficiently generated in real time.
>

Experience, generating DH parameters on Intel(R) Core(TM) i7-3612QE CPU @ 2.10GHz:

openssl dhparam -outform PEM -out dh[size].pem [size]

100x 256   <1s/per item
100x 512   <1s/per item
100x 1k    ~10s/per item
100x 2k    ~2m/per item
100x 4k    ~1h/per item
 50x 8k    ~10h/per item
 10x 16k   ~130h/per item
 10x 32k   ~1100h/per item
  2x 64k   ~9500h/per item

Regards

Jan 
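
The approach quoted above from David Johnston (seed a CSPRNG from the hash output, run a prime search, use the prime that is found), as an added example that is not part of the original thread. SHAKE-256 as the CSPRNG, the `dh-prime` and `mr-base` labels, the constructed seed and the safe-prime requirement are assumptions of this sketch.

```python
import hashlib

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]

def xof_ints(seed: bytes, label: bytes, bits: int):
    """Endless deterministic stream of `bits`-bit integers from SHAKE-256."""
    nbytes = (bits + 7) // 8
    counter = 0
    while True:
        block = hashlib.shake_256(seed + label + counter.to_bytes(8, "big")).digest(nbytes)
        yield int.from_bytes(block, "big") >> (nbytes * 8 - bits)
        counter += 1

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Trial division, then Miller-Rabin with bases derived from n (reproducible)."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    bases = xof_ints(n.to_bytes((n.bit_length() + 7) // 8, "big"), b"mr-base", n.bit_length())
    for _ in range(rounds):
        a = 2 + next(bases) % (n - 3)          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                       # a is a witness: n is composite
    return True

def derive_safe_prime(seed: bytes, bits: int):
    """Return (p, tries): the first safe prime p = 2q + 1 in the seed's candidate stream."""
    for tries, r in enumerate(xof_ints(seed, b"dh-prime", bits - 1), start=1):
        q = r | (1 << (bits - 2)) | 1          # force q to full length and odd
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, tries

if __name__ == "__main__":
    seed = hashlib.sha256(b"constructed handshake transcript").digest()  # constructed sample
    p, tries = derive_safe_prime(seed, 256)
    print(f"{p.bit_length()}-bit safe prime after {tries} candidates: {p:#x}")
```

Anyone holding the seed can rerun the search and confirm that the prime was not chosen freely; the number of candidates tried is the cost each verifier pays again.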
