hi, In Diffie Hellman key exchange we choose a large prime in Fp. The prime is publicly known,so is g,preferably a generator in Fp*. The reason that you might need to change the prime frequently is only if you donot choose g(element of)Fp to be a generator in Fp or the prime field be too small. If the attacker knows the prime factorization of p-1, where p-1=q_1*q_2*...*q_n,he can compute which of g^((p-1)/q_i)== 1 mod p and determine the order of g. If it has a lower order, the attack is easier. If you choose g of maximum order in Fp, then you will have maximum security.
physical retrieval of the DH prime (and the rest of the certificate) allow him to decode the captured log?
The diffie-hellman key exchange works under the assumption that knowing only g^a and g^b, it is computationaly infeasible for the attacker to calculate g^(ab) and breaking it is conjenctured to be as hard as the discrete log problem. Sarath. __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/