On Tue Aug 20 09:00:56 2013, shay.gue...@intel.com wrote:
>
>
> OpenSSL’s DH implementation uses an unnecessarily long exponent,
> leading to significant performance loss
>
> OpenSSL handles the Diffie Hellman (DH) protocol in a very
> conservative way. By default, the length of the private key equals
> the bit-length of the prime modulus. For example, DH2048 will
> use a 2048-bit exponent (and two such exponentiations are executed
> for a key exchange).
>
> This is overkill: NIST suggests that a 224-bit exponent is sufficient
> for 112-bit security (which is what DH2048 offers).
>
> There is no API to specify the exponent’s length when generating the
> key. However, there is a parameter in the DH struct, which
> defines the size of the exponent:
>

The -dsaparam option to dhparam converts DSA parameters to DH and sets the
length parameter.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
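
Added example (not from the thread and not OpenSSL code): both sides of a DH exchange over a 2048-bit group, run once with 2048-bit exponents and once with 224-bit exponents, counting the modular multiplications each side performs. The RFC 3526 group 14 prime, the generator 2 and all function names are assumptions chosen for illustration; the counting square-and-multiply is a cost model, not OpenSSL's exponentiation routine.

```python
import secrets

# Assumption for this example: RFC 3526 group 14 (2048-bit safe prime), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def modexp_counted(base, exp, mod):
    """Left-to-right square-and-multiply; returns (result, multiplication count)."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod   # one squaring per exponent bit
        ops += 1
        if bit == "1":
            result = result * base % mod  # one extra multiply per set bit
            ops += 1
    return result, ops


def private_key(bits):
    """Random exponent of exactly `bits` bits (top bit forced so the length is exact)."""
    return secrets.randbits(bits - 1) | (1 << (bits - 1))


def key_exchange(bits):
    """Run both sides with `bits`-bit exponents; return (secrets agree, ops for one side)."""
    a, b = private_key(bits), private_key(bits)
    pub_a, ops_keygen = modexp_counted(G, a, P)      # side A: public value
    pub_b, _ = modexp_counted(G, b, P)               # side B: public value
    shared_a, ops_derive = modexp_counted(pub_b, a, P)  # side A: shared secret
    shared_b, _ = modexp_counted(pub_a, b, P)           # side B: shared secret
    return shared_a == shared_b, ops_keygen + ops_derive


if __name__ == "__main__":
    for bits in (2048, 224):
        agree, ops = key_exchange(bits)
        print(f"{bits:4d}-bit exponent: agree={agree}, multiplications per side={ops}")
```

The count per exponentiation is the exponent's bit length plus its number of set bits, so the cost per side scales linearly with the exponent length while the modulus stays at 2048 bits.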
