Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Oct 2015 12:34:11 -0700
From: Seth Arnold <>
Subject: Re: Prime example of a can of worms

On Mon, Oct 19, 2015 at 12:24:40AM -0400, Alex Gaynor wrote:
> I think we can have a far simpler rule: use of DH at <= 1024 bits gets a
> CVE, the same way 512-bit RSA, or DES would.

Should there be any middle-ground for how much use a specific value gets?
Part of the weakdh gift is the reconition that randomly generated 1024 bit
primes might be fine for one router or website to use but is terrible when
used by millions and might repay the cost to crack it.

Do we allow 1024-bit dhparams when they are randomly generated? Or do we
also want to move these to e.g. 2048 out of abundance of caution?

(I don't share Kurt's pessimism on generating DH primes, though that does
come with the caveat that they should only be generated on systems that
have been running long enough to collect enough entropy for random number
generation to work well.)


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.