At 01:48 PM 03/13/2003 -0800, NOP wrote:
I am looking at attacks on Diffie-Hellman.
The protocol implementation I'm looking at designed their diffie-hellman
using 128 bit primes (generated each time, yet P-1/2 will be a prime, so no
go on pohlig-hellman attack), so what attacks are there that I can look at
to come up with either the logarithm x from (a=g^x mod p) or the session key
that is
calculated. A brute force wouldn't work, unless I know the starting range.
Are there any realistic
attacks on DH parameters of this size, or is theoretically based on
financial computation attacks?
Google for "Odlyzko Diffie Hellman" and look at the various papers.
Unless you're talking about elliptic curve versions of Diffie Hellman
(and even then 128 bits probably isn't enough), 128 is way too weak.
DH is similar in strength to RSA, so don't think about using less than 1024,
and realistically go for 2048 or more.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
