Martin Knappe wrote:
> Hi
>
> I have seen source code examples of servers implementing Diffie Hellman and
> noticed that these often regenerate the prime and primitive root used to
> generate the shared secret. My questions:
> 1) Under what conditions is this necessary?

There are pros and cons with both approaches of generating random parameters and using the included ones. The included parameters have no known weakness. However if a weakness is found it applies to all servers using them. By generating random parameters (that pass some tests) you are positive that there are no known weaknesses yet, but because the prime is random, the group might have properties that will allow an attacker to mount a group specific attack. To avoid having an attacker trying to break the specific group you selected randomly you change the random prime often (once per month/season etc.).

> 2) Why is this necessary?

It is not necessary. For many people the included are ok.

> 3) How to find out the correct interval at which regeneration becomes
> necessary?

The suit answer would be to calculate the probability p(n) of one breaking your specific prime in n months and multiply with the losses you might have if he breaks it. This gives you a number you are expected to lose in that time. If it is acceptable regenerate them every n months. Otherwise increase the n.

The normal answer would be not to bother. Probabilities such as these are nice to show in presentations but hardly offer anything in that case.

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
http://lists.gnu.org/mailman/listinfo/help-gnutls
