Addendum - depending on the use of DH (usually using the DH shared
secret as a basis for key exchange), the choice of prime is more
important than private exponent length.  Safe primes or strong primes
are warranted.  Most systems use small generators (e.g., 2).

- M

On Mon, Apr 18, 2011 at 7:25 PM, Mike Mohr <akih...@gmail.com> wrote:
> You might take a look at RFC 3526:
>
> http://tools.ietf.org/html/rfc3526
>
> It is my understanding that the DH exponent can be significantly
> shorter than the modulus without compromising security.  RFC 3526 is
> from 2003, but I haven't found anything published since then that
> would make me think its assertions are invalid or outdated.  The
> paranoid tinfoil hat crowd can probably take twice the maximum bit
> count from section 8 (620x2=1240) and be happy.
>
> Mike
>
> On Mon, Apr 18, 2011 at 8:01 AM, ikuzar <razuk...@gmail.com> wrote:
>> Hello,
>> I'd like to know the length of the DH session key generated by
>> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh). Here:
>> http://www.openssl.org/docs/crypto/DH_generate_key.html
>> it is said that key must point to DH_size(dh) bytes of memory. Is 128 bits
>> the default length? How can I adjust this length according to the symmetric-key
>> algorithm I use (AES128/ICM)?
>> Thanks for your help.
>>
>>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
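The points raised in this thread, as an added Python example (not code from any poster or from OpenSSL): it rebuilds the 1536-bit prime from the formula in RFC 3526 section 2, checks that it is a safe prime, runs a DH exchange with exponents shorter than the modulus, and reduces the modulus-sized shared secret to a 16-byte AES-128 key. All function names are hypothetical, `exp_bits=256` is a constructed value, and the truncated SHA-256 step is an assumed stand-in for whatever KDF a protocol specifies.

```python
import hashlib
import secrets

def arctan_inv(x, scale):
    # Integer Taylor series for scale * arctan(1/x).
    total = term = scale // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def rfc3526_1536_prime():
    # RFC 3526 sec. 2: p = 2^1536 - 2^1472 - 1 + 2^64 * (floor(2^1406 * pi) + 741804)
    scale = 1 << (1406 + 64)  # 64 guard bits absorb series truncation error
    pi_scaled = 16 * arctan_inv(5, scale) - 4 * arctan_inv(239, scale)  # Machin
    return 2**1536 - 2**1472 - 1 + 2**64 * ((pi_scaled >> 64) + 741804)

def is_probable_prime(n, rounds=16):
    # Miller-Rabin with random bases.
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def derive_aes128_key(p, g=2, exp_bits=256):
    size = (p.bit_length() + 7) // 8  # modulus length in bytes, as DH_size(dh) reports
    a = secrets.randbits(exp_bits) | (1 << (exp_bits - 1))  # short private exponents
    b = secrets.randbits(exp_bits) | (1 << (exp_bits - 1))
    s_a = pow(pow(g, b, p), a, p)  # one side's view of the shared secret
    s_b = pow(pow(g, a, p), b, p)  # the other side's view
    key = hashlib.sha256(s_a.to_bytes(size, "big")).digest()[:16]  # assumed KDF
    return size, s_a == s_b, key
```

The secret is left-padded to the full modulus length before hashing so both sides hash identical bytes even when the value has leading zero bytes.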