[Cryptography] Defending against weak/trapdoored keys
Jan Dušátko
jan at dusatko.org
Thu Oct 13 08:51:57 EDT 2016
On 13.10.2016 at 14:37, Henry Baker wrote:
> At 11:18 PM 10/12/2016, David Johnston wrote:
>> On 10/12/16 11:55 AM, Henry Baker wrote:
>>> Here's my (hopefully non-lame) attempt to fix DH to defend against weak and/or trapdoored primes/ECC-groups.
>> ...
>>
>> Use the hash output to seed a CSPRNG that services a prime search algorithm.
>>
>> Use the prime that is found.
>>
>> ...
> I'm not at all convinced that random "secure" primes/ECCgroups can be quickly & efficiently generated in real time.
>
Experience, generating DH parameters on Intel(R) Core(TM) i7-3612QE CPU @ 2.10GHz:

    openssl dhparam -outform PEM -out dh[size].pem [size]

    100x 256    <1s/per item
    100x 512    <1s/per item
    100x 1k     ~10s/per item
    100x 2k     ~2m/per item
    100x 4k     ~1h/per item
    50x  8k     ~10h/per item
    10x  16k    ~130h/per item
    10x  32k    ~1100h/per item
    2x   64k    ~9500h/per item

Regards
Jan
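
The approach in the quoted text above (a hash output seeds a deterministic generator that drives a prime search), as an added sketch that is not code from the thread or from OpenSSL: candidates for a safe prime p = 2q + 1 are expanded from the seed and a counter with SHAKE-256, and a verifier re-runs the search up to the published counter. The function names, the domain-separation label, the choice of safe primes and the 128-bit demo size are assumptions made for illustration.

```python
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n, rounds=32):
    """Trial division, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness: n is composite
    return True

def candidate_q(seed, counter, bits):
    """Expand (label, counter, seed) into an odd (bits-1)-bit q; the label is hypothetical."""
    raw = hashlib.shake_256(b"dh-prime-demo/v1" + counter.to_bytes(8, "big") + seed).digest((bits + 6) // 8)
    q = int.from_bytes(raw, "big") & ((1 << (bits - 1)) - 1)
    return q | (1 << (bits - 2)) | 1  # force exact size and oddness

def derive_safe_prime(seed, bits, max_tries=1_000_000):
    """Return (p, counter) for the first counter giving a safe prime, else None."""
    for counter in range(max_tries):
        q = candidate_q(seed, counter, bits)
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, counter
    return None

def verify_safe_prime(seed, bits, p, counter):
    """Re-run the search up to the claimed counter, so only the first hit is accepted."""
    return derive_safe_prime(seed, bits, max_tries=counter + 1) == (p, counter)

if __name__ == "__main__":
    seed = hashlib.sha256(b"constructed sample transcript").digest()  # constructed input
    p, counter = derive_safe_prime(seed, 128)  # 128 bits only to keep the demo fast
    print(hex(p), counter, verify_safe_prime(seed, 128, p, counter))
```

The returned counter is the number of rejected candidates, which is where the generation time goes as the size grows.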