Thanks for answering!
> Why's that? DH *parameter* generation is that slow, but only the
> server has to do it. All the client does for generating its DH *key*
> is an exponentiation with a random exponent. (Then another
> exponentiation is done to compute the shared DH secret.)
Yes, I know that DH parameter generation is very slow. I'm not generating
them at all; I use DH parameters from the IKE standard (it has a set of DH
parameters which are constructed from the decimal places of Pi, with prime
lengths of 768, 1024, 1536, 2048, 3072 and 4096 bits, and are verified to be
really primes).
My client program makes about one hundred simulated connections on
startup. Eliminating the first exponentiation makes this whole process two
times faster.
> On the other hand, if you assume that the client can be sure about
> certain properties about the DH parameters, then you could speed
> up the handshake even more by using short exponents (either with
> one-time client DH keys, or as in your patch with predefined
> keys). All this depends very much on the application, so the
This is interesting. Does it mean that I must set the length field in
the DHparams structure to some smaller value than the default? How short is
still secure? Where can I read more about it?
Arne
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
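Added example, not code from Arne's post, his patch or OpenSSL, in Python rather than C so it runs without linking libcrypto. It rebuilds the 768-bit and 1024-bit IKE primes from the digits of Pi with the formula and offsets published in RFC 2409, checks with Miller-Rabin that each is a safe prime instead of taking "verified to be really primes" on trust, runs one DH exchange (one exponentiation per side for the key, one for the shared secret, and a check that a received public value lies in the prime-order subgroup, which is the property a client would want before relying on the parameters), and measures how much a short private exponent saves, which is what the length field of the DH structure governs. The 256-bit exponent size, the generator 2 and all helper names are my assumptions for illustration, not an answer to "how short is still secure".

```python
import secrets
import time


def arctan_inv(x, scale):
    """Integer Taylor series: returns approximately scale * arctan(1 / x)."""
    total = term = scale // x
    x_sq = x * x
    k, sign = 1, -1
    while term:
        term //= x_sq
        total += sign * (term // (2 * k + 1))
        sign, k = -sign, k + 1
    return total


def pi_floor_shifted(bits):
    """floor(2**bits * pi) via Machin's formula, computed with 64 guard bits."""
    scale = 1 << (bits + 64)
    pi_scaled = 4 * (4 * arctan_inv(5, scale) - arctan_inv(239, scale))
    return pi_scaled >> 64


def ike_modp_prime(bits, offset):
    """RFC 2409 construction: 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + (1 << 64) * (pi_floor_shifted(bits - 130) + offset)


# Offsets as published in RFC 2409 for the 768-bit (group 1) and 1024-bit (group 2) groups.
IKE_GROUPS = {768: ike_modp_prime(768, 149686), 1024: ike_modp_prime(1024, 129093)}


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases; trial division by small primes first."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """True when both p and q = (p - 1) / 2 pass the primality test."""
    return p % 2 == 1 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def dh_keypair(p, g, exponent_bits):
    """One exponentiation per side: private x of exponent_bits bits, public y = g^x mod p.
    exponent_bits plays the role of OpenSSL's DH length field (assumed size, see lead-in)."""
    x = secrets.randbits(exponent_bits) | (1 << (exponent_bits - 1))
    return x, pow(g, x, p)


def check_peer_value(p, y):
    """Reject 1, p-1 and any value outside the order-q subgroup of a safe-prime group."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1


def dh_shared(p, peer_y, x):
    """Second exponentiation: the shared secret peer_y^x mod p."""
    return pow(peer_y, x, p)


def exchange_agrees(p, exponent_bits, g=2):
    """Run a full exchange and report whether both sides derive the same secret."""
    xa, ya = dh_keypair(p, g, exponent_bits)
    xb, yb = dh_keypair(p, g, exponent_bits)
    if not (check_peer_value(p, ya) and check_peer_value(p, yb)):
        return False
    return dh_shared(p, yb, xa) == dh_shared(p, ya, xb)


def exponentiation_cost(p, exponent_bits, trials=10):
    """Seconds spent on `trials` exponentiations with an exponent of the given size."""
    x = secrets.randbits(exponent_bits) | (1 << (exponent_bits - 1))
    start = time.perf_counter()
    for _ in range(trials):
        pow(2, x, p)
    return time.perf_counter() - start


if __name__ == "__main__":
    p = IKE_GROUPS[1024]
    print("1024-bit IKE group 2 prime is a safe prime:", is_safe_prime(p))
    print("exchange with 256-bit exponents agrees:", exchange_agrees(p, 256))
    print("full-length exponents: %.4f s" % exponentiation_cost(p, 1023))
    print("256-bit exponents:     %.4f s" % exponentiation_cost(p, 256))
```

The subgroup test in check_peer_value costs one extra exponentiation with a q-sized exponent, so it does not fit a client that wants to strip exponentiations out; the cheaper habit is to verify the fixed group once (is_safe_prime) and keep the received-value check on the side that has the time.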