[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Fwd: Re: Diffie Hellman size?
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: Fwd: Re: Diffie Hellman size? |
Date: |
Tue, 15 Apr 2008 20:38:34 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
"Nikos Mavrogiannopoulos" <address@hidden> writes:
> On Tue, Apr 15, 2008 at 12:23 PM, Simon Josefsson <address@hidden> wrote:
> > FYI,
> >
> > I asked Peter Gutmann about this, who recently posted some mathematical
> > limits he used in:
> >
> > http://permalink.gmane.org/gmane.ietf.smime/6175
> >
> > His response is below. So there seems to be good reasons why we
> > shouldn't allow too small DH prime modulus. Although I'd prefer if this
> > were a bit better documented.
>
> We also have this:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Selecting-cryptographic-key-sizes.html#Selecting-cryptographic-key-sizes
>
> The values apply to DH parameters as well.
Ah, thanks. I think that answer this question well.
I'm surprised openssl would accept such low DH parameters (which I
recall the debian BTS discussion implied?), it seems insecure to me.
/Simon