Re: Diffie-Hellman question

2004-05-19 Thread Peter Fairbrother
Thomas Shaddack wrote: I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so:

Re: Diffie-Hellman question

2004-05-18 Thread Anonymous
Thomas Shaddack writes: I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so:

Re: Diffie-Hellman question

2004-05-18 Thread Sarad AV
If your prime is 2000 bits, then that should be safe for the foreseeable future, unless quantum computers turn out to be practical for breaking moduli of this size. Discrete Logarithms in GF(2^607)have been calculated over polynomial basis.

Re: Diffie-Hellman question

2004-05-18 Thread Peter Fairbrother
Thomas Shaddack wrote: I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so:

Re: Diffie-Hellman question

2004-05-18 Thread Anonymous
Thomas Shaddack writes: I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so:

Re: Diffie-Hellman question

2004-05-17 Thread Sarad AV
hi, In Diffie Hellman key exchange we choose a large prime in Fp. The prime is publicly known,so is g,preferably a generator in Fp*. The reason that you might need to change the prime frequently is only if you donot choose g(element of)Fp to be a generator in Fp or the prime field be too small.

Diffie-Hellman question

2004-05-17 Thread Thomas Shaddack
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so: day, week, month? If the

Diffie-Hellman question

2004-05-16 Thread Thomas Shaddack
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so: day, week, month? If the