[openssl-users] Need help understanding tradeoffs of "-dsaparam" in dhparam

Ethan Rahn ethan.rahn at gmail.com
Tue Oct 27 22:35:42 UTC 2015


Hello,

I'm trying to understand the tradeoffs of using "-dsaparam" in the openssl
"dhparam" command. I know that it won't create a strong prime
<https://en.wikipedia.org/wiki/Strong_prime>, but I'm not understanding the
tradeoffs with that very well. The wikipedia page says that primes with the
strong property are not considered necessary by some cryptography experts,
but I don't know what the tradeoffs of using "-dsaparam" are. Please note
this is being used for a ( nginx-based ) SSL server if that helps provide
context.

I know that it is much faster. For generating a 2048-bit diffie-hellman
parameter using "-dsaparam" takes ~10 seconds vs. ~30 minutes for the
strong prime defaults on the server I'm testing it on.

The downside is not very clear to me however. I know the man pages say "DH
parameter generation with the -dsaparam option is much faster, and the
recommended exponent length is shorter, which makes DH key exchange more
efficient. Beware that with such DSA-style DH parameters, a fresh DH key
should be created for each use to avoid small-subgroup attacks that may be
possible otherwise." This isn't clear to me if each connection the SSL
server makes should use a different dsaparam based dhparam? Is there
another meaning here?

Any clarifications on what I should beware of when using -dsaparam and what
a "new use" is when knowing when to make fresh dh keys would be very
appreciated.

Thanks,

Ethan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151027/f8bdf8d8/attachment.html>


More information about the openssl-users mailing list