Eric Hughes says:
It takes hours and hours of searching to find a 1024 bit strong prime on a workstation. Granted, you don't need to change very often perhaps, but some people would like to change every day.
If they really want to change that often, they can buy a dedicated machine. There's no good cryptographic reason to change that often, if the modulus is large enough.
I dunno. The paper by LaMacchia and Odlysko on how to break Diffie-Hellman quickly once you've done a lot of precomputation on a static modulus is sufficiently disturbing to me that I would prefer to be able to change modulii fairly frequently if possible. If the opponent knows a way thats a constant factor of a few tens of thousands cheaper to do discrete logs, it might be worth their while to spend a large sum on doing that precomputation once in the hopes of breaking lots of traffic.
In addition, changing the modulus can have unpleasant effects on traffic analysis, if not done properly.
Of what sort?
Just fine. The complexity of taking discrete logs is dependent on the largest prime factor of the modulus.
It is BELIEVED dependent -- lets be precise... Perry