[openssl-users] Need help understanding tradeoffs of "-dsaparam" in dhparam
ethan.rahn at gmail.com
Tue Nov 3 20:09:07 UTC 2015
Pinging again to try and get a response.
Thanks for your time,
On Tue, Oct 27, 2015 at 3:35 PM, Ethan Rahn <ethan.rahn at gmail.com> wrote:
> I'm trying to understand the tradeoffs of using "-dsaparam" in the openssl
> "dhparam" command. I know that it won't create a strong prime
> <https://en.wikipedia.org/wiki/Strong_prime>, but I'm not understanding
> the tradeoffs with that very well. The Wikipedia page says that primes with
> the strong property are not considered necessary by some cryptography
> experts, but I don't know what the tradeoffs of using "-dsaparam" are.
> Please note this is being used for a (nginx-based) SSL server if that
> helps provide context.
> I know that it is much faster. For generating a 2048-bit Diffie-Hellman
> parameter using "-dsaparam" takes ~10 seconds vs. ~30 minutes for the
> strong prime defaults on the server I'm testing it on.
> The downside is not very clear to me however. I know the man pages say "DH
> parameter generation with the -dsaparam option is much faster, and the
> recommended exponent length is shorter, which makes DH key exchange more
> efficient. Beware that with such DSA-style DH parameters, a fresh DH key
> should be created for each use to avoid small-subgroup attacks that may be
> possible otherwise." This isn't clear to me if each connection the SSL
> server makes should use a different dsaparam based dhparam? Is there
> another meaning here?
> Any clarifications on what I should beware of when using -dsaparam and
> what a "new use" is when knowing when to make fresh dh keys would be very