D-H key exchange - how does it work?
Perry E. Metzger
perry at imsi.com
Fri May 20 08:10:57 PDT 1994
Eric Hughes says:
> It takes hours and hours of searching to find a 1024 bit strong
> prime on a workstation. Granted, you don't need to change very
> often perhaps, but some people would like to change every day.
>
> If they really want to change that often, they can buy a dedicated
> machine. There's no good cryptographic reason to change that often,
> if the modulus is large enough.
I dunno. The paper by LaMacchia and Odlyzko on how to break
Diffie-Hellman quickly once you've done a lot of precomputation on a
static modulus is sufficiently disturbing to me that I would prefer to
be able to change moduli fairly frequently if possible. If the
opponent knows a way that's a constant factor of a few tens of
thousands cheaper to do discrete logs, it might be worth their while
to spend a large sum on doing that precomputation once in the hopes of
breaking lots of traffic.
> In addition, changing the modulus can have unpleasant effects on
> traffic analysis, if not done properly.
Of what sort?
> Just fine. The complexity of taking discrete logs is dependent on the
> largest prime factor of the modulus.
It is BELIEVED dependent -- let's be precise...
Perry
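
The modulus rotation discussed in this thread, as an added example that is not part of the original message: it generates a fresh Diffie-Hellman modulus and runs one exchange over it. Assumptions: "strong prime" is taken to mean a safe prime p = 2q + 1, the size is a toy 64 bits so the search finishes quickly, the generator is fixed at g = 4, and all function names are illustrative.

```python
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; a composite passes with prob <= 4**-rounds."""
    if n < 2:
        return False
    for sp in (2,) + SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base is a witness: n is composite
    return True

def generate_safe_prime(bits):
    """Return (p, q, tries) where p = 2q + 1 has exactly `bits` bits and p, q are prime."""
    if bits < 16:
        raise ValueError("bits must be >= 16")
    tries = 0
    while True:
        tries += 1
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1  # odd, top bit set
        p = 2 * q + 1
        # Cheap trial division first; most candidates die here.
        if any(q % sp == 0 or p % sp == 0 for sp in SMALL_PRIMES):
            continue
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q, tries

def dh_keypair(p, q, g=4):
    """g = 4 = 2**2 is a square mod p, so it generates the subgroup of prime order q."""
    x = secrets.randbelow(q - 1) + 1  # private exponent in [1, q-1]
    return x, pow(g, x, p)

if __name__ == "__main__":
    p, q, tries = generate_safe_prime(64)  # toy size; the thread discusses 1024 bits
    a, A = dh_keypair(p, q)
    b, B = dh_keypair(p, q)
    print(f"p={p} found after {tries} candidates; shared ok: {pow(B, a, p) == pow(A, b, p)}")
```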