Hello,

Pinging again to try and get a response.

Thanks for your time,

Ethan

On Tue, Oct 27, 2015 at 3:35 PM, Ethan Rahn <ethan.rahn at gmail.com> wrote:
> Hello,
>
> I'm trying to understand the tradeoffs of using "-dsaparam" in the openssl
> "dhparam" command. I know that it won't create a strong prime
> <https://en.wikipedia.org/wiki/Strong_prime>, but I'm not understanding
> the tradeoffs with that very well. The Wikipedia page says that primes with
> the strong property are not considered necessary by some cryptography
> experts, but I don't know what the tradeoffs of using "-dsaparam" are.
> Please note this is being used for an (nginx-based) SSL server if that
> helps provide context.
>
> I know that it is much faster. Generating a 2048-bit Diffie-Hellman
> parameter using "-dsaparam" takes ~10 seconds vs. ~30 minutes for the
> strong prime defaults on the server I'm testing it on.
>
> The downside is not very clear to me, however. I know the man pages say "DH
> parameter generation with the -dsaparam option is much faster, and the
> recommended exponent length is shorter, which makes DH key exchange more
> efficient. Beware that with such DSA-style DH parameters, a fresh DH key
> should be created for each use to avoid small-subgroup attacks that may be
> possible otherwise." It isn't clear to me whether each connection the SSL
> server makes should use a different dsaparam-based dhparam. Is there
> another meaning here?
>
> Any clarifications on what I should beware of when using -dsaparam and
> what a "new use" is, when knowing when to make fresh DH keys, would be very
> appreciated.
>
> Thanks,
>
> Ethan
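Added illustration, not part of the thread above: the structural difference the man page is warning about, shown on constructed toy-size primes. With a safe prime p = 2q+1 (the default `openssl dhparam` output) the only element orders are 1, 2, q and 2q, so a malformed peer value can leak at most one bit of a private exponent; with DSA-style parameters p-1 has many small factors, and the defence is a fresh private key per exchange plus checking that the received public value satisfies y^q mod p == 1. Function names, and the primes 23 and 31, are assumptions chosen for the example.

```python
# Constructed toy example (not from the openssl-users thread): why the man page
# asks for fresh keys with -dsaparam, and the peer-key check that goes with it.
# Tiny primes keep the arithmetic visible; real parameters are 2048-bit or
# larger and need a proper probabilistic primality test instead of trial division.


def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def is_safe_prime(p: int) -> bool:
    """Default `openssl dhparam` shape: p = 2q + 1 with q also prime."""
    return is_prime(p) and p % 2 == 1 and is_prime((p - 1) // 2)


def subgroup_orders(p: int) -> list[int]:
    """Possible orders of elements mod p, i.e. the divisors of p - 1.

    A safe prime allows only 1, 2, q and 2q.  A DSA-style p has many small
    divisors, each a small subgroup that a bogus peer value can land a reused
    private key in, which is what 'small-subgroup attack' refers to."""
    return [d for d in range(1, p) if (p - 1) % d == 0]


def validate_peer_public(y: int, p: int, q: int) -> bool:
    """Accept a received DH public value only if it lies in the order-q subgroup.

    Range check plus y^q == 1 (mod p) is the standard small-subgroup defence;
    with a fresh private key per exchange it covers DSA-style parameters."""
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


if __name__ == "__main__":
    # safe prime 23 = 2*11 + 1 vs. DSA-style 31 = 5*6 + 1 (q = 5, generator 2)
    for p, q in ((23, 11), (31, 5)):
        kind = "safe" if is_safe_prime(p) else "DSA-style"
        print(p, kind, "element orders:", subgroup_orders(p))
    # 2 has order 5 mod 31 (accepted); 5 has order 3 and 30 has order 2 (rejected)
    print(validate_peer_public(2, 31, 5), validate_peer_public(5, 31, 5),
          validate_peer_public(30, 31, 5))
```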