Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Oct 2015 23:41:39 -0400
From: Daniel Kahn Gillmor <>
To: Kurt Seifried <>
Cc: oss-security <>
Subject: Re: Prime example of a can of worms

On Thu 2015-10-22 19:37:49 -0400, Kurt Seifried wrote:
> Sorry when I said a "large" pool I meant more then the current 5 or so that
> seem to be in popular use, but certainly not more than a few hundred.

ok, that's a relief :) but, running the numbers, even 100 hundred
2048-bit groups comes out to a quarter MiB of RAM.  (i figure 256 bytes
per prime, a well-known, shared generator)

Larger groups (or more groups) inflate the size even further.  I know
RAM is cheap these days but for embedded devices a quarter meg or more
of RAM is still not insignificant.

> Basically we're in agreement, I think nothing under 2048 should even be
> considered, and we probably need to bump that up in a few years anyways.

yep, agreed.

> I've also been going through source code to see how people use dh
> params/treat them, and I have some worrying results (basically what I
> expected though, everything is terrible as usual)


> I'm going to be writing this up as an article rather than a long email as I
> have a few more sticky points to raise (security rabbit holes are so much
> fun).

I look forward to reading it.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.