[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Wed Aug 20 11:58:08 CDT 2008


On Wed, Aug 20, 2008 at 9:53 AM, Dave Cridland <dave at cridland.net> wrote:
> On Wed Aug 20 17:38:58 2008, Jonathan Schleifer wrote:
>>
>> "Eric Rescorla" <ekr at rtfm.com> wrote:
>>
>> > I must be missing something here:
>> > 1. Key generation in DSA-based systems is just as fast as ephemeral
>> >     DH key generation, as long as you use a pregenerated group.
>> > 2. Key generation in RSA-based systems is slower, but still a matter
>> >     of a second or two on any reasonably modern system.
>>
>> Oh, generating an OTR key takes a few seconds here, on my 450 MHz
>> NetBSD box it even took about an hour, because /dev/random is used
>> there. So waiting an hour on some systems is ok for the user? I really
>> don't think so
>>
>>
> Well, I strongly suspect that's extreme. A few seconds pause at runtime
> would be a little annoying, but given you'd presumably do this during either
> the installation or setup phase, I'm not entirely clear what your point is
> anyway.

To sharpen this point a little:
If you're using Diffie-Hellman, the cost of computing ZZ (the shared key) is
rather higher than the cost of generating your own key out of a known group.
Similarly, the cost of generating a DSA key out of a known group is quite
low. In other words, if the cost of initial key generation at installation time
is unacceptable, then you most likely can't do asymmetric cryptography to
establish connections either.

-Ekr


More information about the Security mailing list