Thomas Shaddack wrote:
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
Thomas Shaddack writes:
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
If your
prime is 2000 bits,
then that should be safe for the foreseeable future,
unless quantum
computers turn out to be practical for breaking
moduli of this size.
Discrete Logarithms in GF(2^607)have been calculated
over polynomial basis.
Thomas Shaddack wrote:
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
Thomas Shaddack writes:
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
hi,
In Diffie Hellman key exchange we choose a large prime
in Fp. The prime is publicly known,so is g,preferably
a generator in Fp*.
The reason that you might need to change the prime
frequently is only if you donot choose g(element of)Fp
to be a generator in Fp or the prime field be too
small.
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
day, week, month?
If the
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
day, week, month?
If the