Hi all,
I am working on an application that would use DH to allow exchanging
symmetric keys (not a TLS app), and we noticed that we could use two
different approaches to generate the parameters.
The first option is to use the DH_generate_parameters_ex() +
DH_generate_key() - but that takes quite a long time when using 2048
bits DH.
The second option, instead, is to generate DSA parameters and then copy
them as DH params - i.e., using DSA_generate_parameters_ex() +
DSA_dup_DH() + DH_generate_key().
Of course, the second approach is a lot faster - however, can anyone
explain the warning not from the documentation "Be careful to avoid
small subgroup attacks when using this." ? AFAIK, for such attacks to be
effective, they require that the parameters are re-used multiple times.
However, in our specific case, the generated parameters will be used
only once (2048 bits) and then discarded...
Cheers,
Max
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
