[Operators] IM Observatory and Diffie-Hellman parameters
thijs at xnyhps.nl
Wed Nov 13 16:00:36 UTC 2013
On 13 nov. 2013, at 16:31, Fedor Brunner <fedor.brunner at azet.sk> wrote:
> Hi all,
> the IM Observatory displays use of the DHE key exchange and there is a
> note "Ephemeral Diffie-Hellman is a key exchange algorithm with forward
> secrecy. The security depends on the Diffie-Hellman parameters used by
> the server". But the actual strength of the DH parameters is not displayed.
> This information is quite important because during DHE key exchange a
> temporary key is generated. This temporary key is used for encryption of
> the communication and the server public RSA key is used ONLY for signing
> of this temporary key and NOT for encryption of the communication. The
> problem is that in many cases the temporary key is much shorter than the
> server RSA key.
> For example the server jabber.ccc.de uses 2048 bit RSA public key, but
> the length of the temporary key is only 1024 bit. The public key score
> is 90, cipher score is 90.
> Many administrators enable forward secrecy, but because they set
> incorrect DH parameters they weaken the encryption. Please display the
> actual strength of DH parameters and use it also to calculate the score.
Indeed, that is a good thing to check and it is on my TODO list. I haven't yet
looked at how easy it is to check the dhparam sent by the server using
The elliptic curve chosen by the server would be interesting too.
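The check discussed in this thread, as an added example that is not part of the original messages or of the IM Observatory code: reading the DH modulus size, or the named curve, out of the body of a TLS ServerKeyExchange message (RFC 5246 ServerDHParams, RFC 4492 ServerECDHParams). The function names are hypothetical, the sample bytes are constructed, and the input is assumed to be the handshake body with its 4-byte handshake header already stripped.

```python
import struct

# Subset of the IANA named-curve registry (RFC 4492): id -> (name, field size in bits).
NAMED_CURVES = {23: ("secp256r1", 256), 24: ("secp384r1", 384), 25: ("secp521r1", 521)}


def _read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[off + 2:end], end


def dhe_params(body):
    """Parse dh_p, dh_g, dh_Ys from a DHE ServerKeyExchange body; the signature follows."""
    p, off = _read_vec16(body, 0)
    g, off = _read_vec16(body, off)
    ys, off = _read_vec16(body, off)
    return {"p_bits": int.from_bytes(p, "big").bit_length(),
            "g": int.from_bytes(g, "big"), "ys_bytes": len(ys)}


def ecdhe_curve(body):
    """Parse the curve from an ECDHE ServerKeyExchange body (named_curve only)."""
    if len(body) < 3 or body[0] != 3:  # ECCurveType 3 = named_curve
        raise ValueError("not a named_curve ECParameters")
    (curve_id,) = struct.unpack_from(">H", body, 1)
    name, bits = NAMED_CURVES.get(curve_id, ("unknown(%d)" % curve_id, None))
    return {"curve": name, "field_bits": bits}


def _vec16(data):
    return struct.pack(">H", len(data)) + data


# Constructed samples: 1024-bit modulus (not a real prime), g = 2, dummy Ys and point.
SAMPLE_P = ((1 << 1023) | 1).to_bytes(128, "big")
SAMPLE_DHE = _vec16(SAMPLE_P) + _vec16(b"\x02") + _vec16(b"\x05" * 128) + b"sig-omitted"
SAMPLE_ECDHE = b"\x03" + struct.pack(">H", 23) + b"\x41" + b"\x04" + b"\x00" * 64

if __name__ == "__main__":
    print(dhe_params(SAMPLE_DHE))
    print(ecdhe_curve(SAMPLE_ECDHE))
```

Comparing `p_bits` with the bit length of the certificate's RSA modulus shows the mismatch described above, such as a 1024-bit DH group behind a 2048-bit RSA key.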