You might take a look at RFC 3526: http://tools.ietf.org/html/rfc3526
It is my understanding that the DH exponent can be significantly shorter than the modulus without compromising security. RFC 3526 is from 2003, but I haven't found anything published since then that would make me think its assertions are invalid or outdated. The paranoid tinfoil hat crowd can probably take twice the maximum bit count from section 8 (620x2=1240) and be happy. Mike On Mon, Apr 18, 2011 at 8:01 AM, ikuzar <razuk...@gmail.com> wrote: > Hello, > I 'd like to know the length of DH session key generated by > DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . Here : > http://www.openssl.org/docs/crypto/DH_generate_key.html > It is said that key must point to DH_size(dh) bytes of memory. is 128 bits > the default length ? how can I adjust this length according the symetric-key > algorithm I use ( AES128/ICM) > Thanks for your help. > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
