[Operators] IM Observatory and Diffie-Hellman parameters

Fedor Brunner fedor.brunner at azet.sk
Wed Nov 13 16:29:08 UTC 2013


On 13.11.2013 16:41, Jonas Wielicki wrote:
> On 13.11.2013 16:31, Fedor Brunner wrote:> This information is quite
> important because during DHE key exchange a
>> temporary key is generated. This temporary key is used for encryption of
>> the communication and the server public RSA key is used ONLY for signing
>> of this temporary key and NOT for encryption of the communication. The
>> problem is that in many cases the temporary key much shorter than the
>> server RSA key.
>>
>> For example the server jabber.ccc.de uses 2048 bit RSA public key, but
>> the length of the temporary key is only 1024 bit. The public key score
>> is 90, cipher score is 90
>> http://xmpp.net/result.php?domain=jabber.ccc.de&type=server
> I agree that this information is important, however, there are
> implementations which do not support more than 1024 bits of DH and are
> unable to negotiate an TLS connection if the 1024 are exceeded, without
> the app or the user knowing why it failed. This means, if you have
> 1024bit EDH and the client and server agree on negotiating EDH (likely
> if the client prefers it, as it should), they're unable to connect.
>
> This seems to affect primarily java and some versions of openssl, as
> I've learnt on this list.
>
> regards,
> jw
There is already bug report on Java and will be fixed.
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6521495
New versions of OpenSSL have no problem with longer EDH keys

http://www.keylength.com/en/compare/

"
The Finite Field Diffie-Hellman
<https://en.wikipedia.org/wiki/Diffie-Hellman> algorithm has roughly the
same key strength as RSA for the same key sizes. The work factor for
breaking Diffie-Hellman is based on the discrete logarithm problem
<https://en.wikipedia.org/wiki/Discrete_logarithm_problem>, which is
related to the integer factorization problem on which RSA's strength is
based. Thus, a 3072-bit Diffie-Hellman key has about the same strength
as a 3072-bit RSA key.
"
https://en.wikipedia.org/wiki/Key_sizes

RSA 1024-bit Encryption not Enough
http://www.pcworld.com/article/132184/article.html



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 992 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20131113/67e3069f/attachment.pgp>


More information about the Operators mailing list