Hello,

I'm trying to understand the tradeoffs of using "-dsaparam" in the openssl "dhparam" command. I know that it won't create a strong prime <https://en.wikipedia.org/wiki/Strong_prime>, but I'm not understanding the tradeoffs with that very well. The Wikipedia page says that primes with the strong property are not considered necessary by some cryptography experts, but I don't know what the tradeoffs of using "-dsaparam" are. Please note this is being used for an (nginx-based) SSL server, if that helps provide context.

I know that it is much faster. Generating a 2048-bit Diffie-Hellman parameter using "-dsaparam" takes ~10 seconds vs. ~30 minutes for the strong-prime defaults on the server I'm testing it on. The downside is not very clear to me, however. I know the man pages say: "DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise."

It isn't clear to me whether this means each connection the SSL server makes should use a different dsaparam-based dhparam. Is there another meaning here? Any clarifications on what I should beware of when using -dsaparam, and on what a "new use" is when deciding when to make fresh DH keys, would be very appreciated.

Thanks,
Ethan
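As an added illustration (not from Ethan's message or the OpenSSL man page), the toy arithmetic below shows what makes DSA-style parameters different and what the man-page caveat is guarding against: p - 1 = j*q with a small cofactor j, so the group has small-order elements outside the order-q subgroup that DH actually uses, and a peer value must be checked to lie in that subgroup (or the private key must not be reused) for the exchange to be safe. The prime p = 607, q = 101 and the private exponents are constructed values chosen to keep the numbers readable; the function names are my own.

```python
# Constructed toy DSA-style ("-dsaparam") Diffie-Hellman parameters.
# p = j*q + 1 with q prime; the generator g has order q, not (p-1)/2 as
# with a safe prime. The values are deliberately tiny and NOT secure.
P = 607           # prime; p - 1 = 606 = 6 * 101
Q = 101           # prime order of the subgroup the exchange is meant to use
J = (P - 1) // Q  # cofactor 6 = 2 * 3: the "small subgroups" of orders 2, 3, 6


def subgroup_generator(p, q, h=2):
    """Return g = h^((p-1)/q) mod p, an element of order exactly q."""
    g = pow(h, (p - 1) // q, p)
    if g == 1:
        raise ValueError("h lands in the trivial subgroup; choose another h")
    return g


def small_order_element(p, r):
    """Return an element of prime order r (r | p-1, r != q).

    Such a value is a valid-looking integer in (1, p-1) but is NOT in the
    order-q subgroup; a reused private exponent combined with an unchecked
    value like this is what "small-subgroup attacks" in the man page refers to.
    """
    for h in range(2, p):
        y = pow(h, (p - 1) // r, p)
        if y != 1:
            return y
    raise ValueError("no element of order %d" % r)


def valid_peer_public_value(y, p, q):
    """Defender's check for DSA-style params: 1 < y < p-1 and y^q == 1 mod p."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def shared_secret(priv, peer_pub, p, q):
    """Compute peer_pub^priv mod p, refusing values outside the q-subgroup."""
    if not valid_peer_public_value(peer_pub, p, q):
        raise ValueError("peer public value is not in the order-q subgroup")
    return pow(peer_pub, priv, p)


if __name__ == "__main__":
    g = subgroup_generator(P, Q)
    a, b = 37, 58                       # constructed private exponents in [1, q-1]
    A, B = pow(g, a, P), pow(g, b, P)
    print("honest exchange agrees:", shared_secret(a, B, P, Q) == shared_secret(b, A, P, Q))
    y3 = small_order_element(P, 3)
    print("order-3 value %d passes subgroup check: %s" % (y3, valid_peer_public_value(y3, P, Q)))
```

With a safe prime (the default, slow "dhparam" mode) the only small subgroup is the one of order 2, which is why the man page does not demand a fresh key per use there; with "-dsaparam" output, OpenSSL's single-use DH key option or the subgroup check above is what keeps reuse safe.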