Hi, I was looking at a few specs and found that the standard primes used for Diffie-Hellman key exchange or in DSA are not safe-primes (http://en.wikipedia.org/wiki/Safe_prime). DH: None of primes in rfc5114 are safe primes DSA: FIPS-186-3 (page 15) recommends the order of group to be much smaller than prime size - for example, for 1024 bit prime, order of group should be 160 Why is this so ? Isn't it desirable for the order of the group to be as high as possible to make computation of discrete logarithm hard ?
-Rahul ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
