On Thu, Apr 17, 2014 at 12:50 PM, Pavel Kankovsky <p...@argo.troja.mff.cuni.cz> wrote:
> Does anyone use non-safe primes for DH? Afaik any well-known moduli are > safe. And openssl dhparam generates safe primes only. g = 2 is not a generator though its often used. Its possible to leak information depending on parameter selection (or only generate half the values of the group). See, for example, "Diffie-Hellman Parameter Check (when g = 2, must p mod 24 == 11?)", http://crypto.stackexchange.com/questions/12961/diffie-hellman-parameter-check-when-g-2-must-p-mod-24-11. Jeff _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
