[Security] TLS Certificates Verification

Johansson Olle E oej at edvina.net
Wed Aug 20 12:51:22 CDT 2008


On 20 Aug 2008, at 18:38, Jonathan Schleifer wrote:

> "Eric Rescorla" <ekr at rtfm.com> wrote:
>
>> I must be missing something here:
>> 1. Key generation in DSA-based systems is just as fast as ephemeral
>>    DH key generation, as long as you use a pregenerated group.
>> 2. Key generation in RSA-based systems is slower, but still a matter
>>    of a second or two on any reasonably modern system.
>
> Oh, generating an OTR key takes a few seconds here, on my 450 MHz
> NetBSD box it even took about an hour, because /dev/random is used
> there. So waiting an hour on some systems is ok for the user? I really
> don't think so…

This is done at account creation or when you want to delegate
authority to a set top box. Not for each communication or each time you
add to the buddy list.

/O

