>       From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
>       Sent: Monday, 18 April, 2011 11:01

>       I'd like to know the length of the DH session key generated by 
> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh). 
> Here: http://www.openssl.org/docs/crypto/DH_generate_key.html
>       It is said that key must point to DH_size(dh) bytes of memory. 
> Is 128 bits the default length? How can I adjust this length 
> according to the symmetric-key algorithm I use (AES128/ICM)?

The size of both private (x) and public (y) values in DH 
is the same as the size of the prime P, or very nearly.
If the parameters were generated with the openssl command-line 
'dhparam', the default size of P was 512 bits, which is 
probably not secure. (I know factoring, thus RSA, up to 
700-something is broken; I haven't heard of results for 
discrete-log, thus DH and DSA, but on my limited knowledge 
of number theory I think it should be about the same.)

(Good) asymmetric algorithms need more bits for comparable 
security than (good) symmetric ones. Experts do not agree 
on an exact correspondence, but in (very) rough terms 
elliptic-curve algs are about 2x symmetric, and traditional 
asymmetric (RSA, DH, DSA, etc.) are in the vicinity of 20x.

NIST Special Publication 800-57, available under csrc.nist.gov, 
seems to be a good reflection of reasonably current thinking.
There is, or at least was a few years ago, an independent site 
with the consensus of leading academic crypto researchers, 
but I can't find it now.

(If you don't know it, NIST = National Institute for Science 
and Technology is a part of the US government Department of 
Commerce; it was formerly NBS National Bureau of Standards.)


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
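As an added illustration (not part of the thread above, and not OpenSSL's own code), the following standard-library Python mirrors the two points under discussion: the shared secret produced by DH is sized by the prime p, exactly as DH_size(dh) is, and the way to get a key of the length the symmetric cipher wants (16 bytes for AES-128) is to run that secret through a key-derivation function, here RFC 5869 HKDF-SHA256. The group parameters are a constructed toy (p = 2^127 - 1, g = 3) chosen only so the code runs instantly; they are far too small for real use.

```python
# Added example: DH shared-secret length vs. symmetric key length.
# Standard library only; OpenSSL names in comments refer to the thread.
import hmac
import hashlib

# Constructed TOY group: p = 2^127 - 1 (a known prime), g = 3. Real
# deployments need a >= 2048-bit group (e.g. RFC 3526 / RFC 7919).
TOY_P = 2**127 - 1
TOY_G = 3


def dh_size(p: int) -> int:
    """Bytes needed to hold p: the quantity OpenSSL's DH_size(dh) returns."""
    return (p.bit_length() + 7) // 8


def dh_public(p: int, g: int, priv: int) -> int:
    """y = g^x mod p; like x, y is below p, so it fits in dh_size(p) bytes."""
    return pow(g, priv, p)


def dh_shared_secret(p: int, peer_pub: int, priv: int) -> bytes:
    """Z = peer_pub^x mod p, left-padded to dh_size(p) bytes.

    OpenSSL's DH_compute_key writes BN_bn2bin output, so its return value
    can be shorter than DH_size(dh) when Z has leading zero bytes;
    DH_compute_key_padded (1.0.2+) zero-pads as done here. Always size the
    buffer for DH_size(dh) and use the returned length.
    """
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p).to_bytes(dh_size(p), "big")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF: derive exactly `length` key bytes from a DH secret
    whose own length is fixed by p, not by the cipher."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def aes128_key_from_dh(p: int, g: int, my_priv: int, peer_pub: int) -> bytes:
    """Derive a 16-byte AES-128 key; the DH group size does not change this."""
    z = dh_shared_secret(p, peer_pub, my_priv)
    return hkdf_sha256(z, salt=b"", info=b"example AES-128 key", length=16)
```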
