[Cryptography] How often should the DH group be changed?

Sebastian Stache zeb at qtt.se
Tue Mar 11 09:51:50 EDT 2025


On 2025-03-10 02:38, Pierre Abbat wrote:
> Let's say that there's a group of computers that maintain network connections
> to each other, and they send information to each other encrypted with a
> symmetric cipher whose key is agreed to with the Diffie-Hellman key exchange.
> Every n days they pick a new group at random. How often should they change the
> group for various sizes of the Diffie-Hellman group? I'd like to know both for
> the multiplicative part of a prime field and for an elliptic curve.
> 
> Pierre

It might be tempting to change public constants in an effort to increase 
resistance to brute force attacks, pre-imaging and such, but I would 
recommend increasing the sizes (of primes, keys and hashes) instead. 
Also, how would you distribute the new group to all clients?

Z




