[openssl-users] Working with large DH parameters

Jeffrey Walton noloader at gmail.com
Mon May 4 18:59:14 UTC 2015

On Mon, May 4, 2015 at 10:00 AM, jack seth <bird_112 at hotmail.com> wrote:
>> There is a limit of 10000:
>> I suggest you do not change this. It just gets slower without
>> adding security.
>> I have no idea why it would freeze with something larger than
>> 13824.
>> I'm not sure what is logging the size, but it might be using
>> DH_size()*8 to log it. I don't think their currently is an API
>> that returns it in bits.
> Thanks for the response.  Could you elaborate on why a larger size doesn't add security?  For the sake of discussion, lets ignore how slow it would be.  According to section 5.6.1 of http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf  you would need 15360+ bit to have security equal to AES256.   Is NIST wrong here?  If so, why?
Also see https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe.
The largest integer field size called out in the standards is 8192.
(Corrections, please).

Usually, when you want those kinds of security levels, you switch to EC.

But like Kurt said.... At higher security levels, the attackers go
around the crypto and not through it. Phishing emails to ladies in HR
and Accounts Receivable is more effective and very inexpensive....

More information about the openssl-users mailing list