[openssl-users] Fast DH parameters generation
director at openca.org
Tue Jun 16 17:22:09 UTC 2015
I am working on an application that would use DH to allow exchanging
symmetric keys (not a TLS app), and we noticed that we could use two
different approaches to generate the parameters.
The first option is to use the DH_generate_parameters_ex() +
DH_generate_key() - but that takes quite a long time when using 2048
The second option, instead, is to generate DSA parameters and then copy
them as DH params - i.e., using DSA_generate_parameters_ex() +
DSA_dup_DH() + DH_generate_key().
Of course, the second approach is a lot faster - however, can anyone
explain the warning not from the documentation "Be careful to avoid
small subgroup attacks when using this." ? AFAIK, for such attacks to be
effective, they require that the parameters are re-used multiple times.
However, in our specific case, the generated parameters will be used
only once (2048 bits) and then discarded...
More information about the openssl-users