"Nikos Mavrogiannopoulos" <[EMAIL PROTECTED]> writes:

> On Tue, Apr 15, 2008 at 12:23 PM, Simon Josefsson <[EMAIL PROTECTED]> wrote:
> > FYI,
> >
> > I asked Peter Gutmann about this, who recently posted some mathematical
> > limits he used in:
> >
> > http://permalink.gmane.org/gmane.ietf.smime/6175
> >
> > His response is below. So there seem to be good reasons why we
> > shouldn't allow too small DH prime modulus. Although I'd prefer if this
> > were a bit better documented.
>
> We also have this:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Selecting-cryptographic-key-sizes.html#Selecting-cryptographic-key-sizes
>
> The values apply to DH parameters as well.

Ah, thanks. I think that answers this question well. I'm surprised OpenSSL would accept such low DH parameters (which I recall the Debian BTS discussion implied?), it seems insecure to me.

/Simon
