Bodo Moeller <[EMAIL PROTECTED]> writes:
> No. DH *key* generation is fast, but only if you have done DH
> *parameter* generation before. Then the secret key is just a random
> number x, and the corresponding public key is g^x mod p.
> DH parameters can be used for a very long time, although there are
> concerns against having every implementation use the same parameters
> (there are possible attacks involving massive precomputation which is
> independent of the actual key).
Actually, as I understand it, breaking a Diffie-Hellman group is
roughly comparable to factoring an RSA key of equivalent key
length. And once you've done this, you're most of the way to
compromising every key in that group. I'm not sure that there
is any virtue in generating new DH keys for every transaction
other than Perfect Forward Secrecy -- which you could do
just as good a job with by refreshing the key every couple
hours.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
