[openssl-users] Working with large DH parameters

Kurt Roeckx kurt at roeckx.be
Mon May 4 17:13:55 UTC 2015

On Mon, May 04, 2015 at 09:00:21AM -0500, jack seth wrote:
> > There is a limit of 10000:
> >
> > I suggest you do not change this. It just gets slower without
> > adding security.
> >
> > I have no idea why it would freeze with something larger than
> > 13824.
> >
> > I'm not sure what is logging the size, but it might be using
> > DH_size()*8 to log it. I don't think there currently is an API
> > that returns it in bits.
> >
> >
> > Kurt
> Thanks for the response. Could you elaborate on why a larger size doesn't add security? For the sake of discussion, let's ignore how slow it would be. According to section 5.6.1 of http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf you would need 15360+ bit to have security equal to AES256. Is NIST wrong here? If so, why?

Everything in the chain would need to be providing 256 bit of
security, there are no ciphers that support more than 192 as far
as I know.

Once you're at 128 or above it's also far more likely that
something other than the crypto is the weakest part, like a human.
