[Cryptography] Zoom publishes draft cryptographic design for end-to-end encryption

Ralf Senderek crypto at senderek.ie
Sun Jul 5 12:46:14 EDT 2020



On Sun, 5 Jul 2020, Florian Weimer wrote:

> * Peter Gutmann:
>
>> In practice virtually everyone sets e = F4, which is fine.
>
> Why is choosing a fixed parameter fine in this context, and a no-no
> for DH parameters?  That's the part I don't understand.
>

In an off-list conversation with Benne de Weger I volunteered to
find out if the private key d would be large enough if I tried
to make the public exponent bigger than F4=e=65537L using CRYPTLIB.

In essence, I found that whatever value of e you assign (in the
limits that cryptlib permits) d will always come out as big as n.
I defined p and q to be 1024 bits so that n is 2048 bits and
the smallest d I got was 2040 bits in size. I had to castrate
Peter's code for this experiment and disabled every precaution
cryptlib has in store in order to manage to increase e over the
limit of 32 bits. I finally gave up when I reached size(e)=64 bits
because at this point I had to fill e with a bignum taken from
a hex value, which didn't succeed. So I told Benne that his
assumption that d will almost never be much smaller than n
regardless of the size of n was completely in line with my
experiments.

This IMHO may clarify the case for RSA key generation.
I can't wait to hear of the DH case.

     --ralf
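
Added example, not part of the post above and not cryptlib code: a pure-Python rerun of the experiment the post describes, which also goes past the 64-bit e where that attempt stopped. It assumes d = e^-1 mod (p-1)(q-1), which may differ from what cryptlib computes; all function names are made up for this example.

```python
import math
import secrets

F4 = 65537  # the usual public exponent named in the thread

def is_probable_prime(n, rounds=40):  # Miller-Rabin with random bases
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):  # top two bits set, so p*q has exactly 2*bits bits
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(c):
            return c

def pick_e(e_bits, phi):  # random odd e of exactly e_bits bits, invertible mod phi
    while True:
        e = secrets.randbits(e_bits) | (1 << (e_bits - 1)) | 1
        if math.gcd(e, phi) == 1:
            return e

def d_sizes(prime_bits=1024, e_bit_sizes=(32, 48, 64, 128)):
    """Return [(e_bits, d_bits, n_bits)]; e*d = 1 + k*phi with 0 < k < e, so d > phi/e."""
    p, q = random_prime(prime_bits), random_prime(prime_bits)
    n, phi = p * q, (p - 1) * (q - 1)
    exps = ([F4] if math.gcd(F4, phi) == 1 else []) + [pick_e(b, phi) for b in e_bit_sizes]
    return [(e.bit_length(), pow(e, -1, phi).bit_length(), n.bit_length()) for e in exps]

if __name__ == "__main__":
    for e_bits, d_bits, n_bits in d_sizes():
        print(f"e: {e_bits:3d} bits   d: {d_bits} bits   n: {n_bits} bits")
```

Since e*d = 1 + k*phi(n) with k < e, d can never be shorter than the bit length of n minus the bit length of e, and for randomly generated primes it normally lands within a few bits of n.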

