So, do I have to generate a prime with length = 3200 bits? (The corresponding exponent will belong to the 3200-bit MODP group.) In order to generate an AES 128 session key? (I use 2 as generator.)

Here http://tools.ietf.org/html/rfc3526, it is said: "The new Advanced Encryption Standard (AES) cipher [AES], which has more strength, needs stronger groups. For the 128-bit AES we need about a 3200-bit group [Orman01]. ..." In this IETF document, 6 MODP groups are exposed. 3200-bit is not among these groups... Concretely, what should I write to obtain an AES 128 session key? I wrote something like this (on the command line):

*openssl dhparam -outform PEM -out dhParams.pem -2 3200*

Then I decode dhParams.pem into the internal C struct: dh. Then I call DH_generate_key(DH *dh);, then DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); with the peer pub_key, and I finally want to store this session key at key

2011/4/19 Michael Sierchio <ku...@tenebras.com>
> Addendum - depending on the use of DH (usually using the DH shared
> secret as a basis for key exchange), the choice of prime is more
> important than private exponent length. Safe primes or strong primes
> are warranted. Most systems use small generators (e.g., 2).
>
> - M
>
> On Mon, Apr 18, 2011 at 7:25 PM, Mike Mohr <akih...@gmail.com> wrote:
> > You might take a look at RFC 3526:
> >
> > http://tools.ietf.org/html/rfc3526
> >
> > It is my understanding that the DH exponent can be significantly
> > shorter than the modulus without compromising security. RFC 3526 is
> > from 2003, but I haven't found anything published since then that
> > would make me think its assertions are invalid or outdated. The
> > paranoid tinfoil hat crowd can probably take twice the maximum bit
> > count from section 8 (620x2=1240) and be happy.
> >
> > Mike
> >
> > On Mon, Apr 18, 2011 at 8:01 AM, ikuzar <razuk...@gmail.com> wrote:
> >> Hello,
> >> I'd like to know the length of the DH session key generated by
> >> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh). Here:
> >> http://www.openssl.org/docs/crypto/DH_generate_key.html
> >> It is said that key must point to DH_size(dh) bytes of memory. Is 128 bits
> >> the default length? How can I adjust this length according to the symmetric-key
> >> algorithm I use (AES128/ICM)?
> >> Thanks for your help.
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager majord...@openssl.org
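An added worked example, not from the thread and not OpenSSL code, written in pure Python rather than against the C API the posters use. It walks through what DH_generate_key and DH_compute_key do and answers the length question: the shared secret is DH_size(dh) bytes wide (the byte length of the modulus, 400 bytes for a 3200-bit p), and the 16-byte AES-128 key is then derived from that secret with a KDF (HKDF-SHA256 here), so the AES key length never comes from the group size. The names DHParty, compute_key, run_exchange and derive_aes128_key are this example's own, the safe-prime generator only handles toy sizes (real groups come from `openssl dhparam` or RFC 3526), and the exp_bits parameter models the shortened private exponent the thread discusses.

```python
"""Finite-field DH with generator 2 over a safe prime, then HKDF to turn the
DH_size-wide shared secret into a 16-byte AES-128 key.  Constructed example:
a Python stand-in for DH_generate_key / DH_compute_key, toy prime sizes."""
import hashlib
import hmac
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=24):
    """Trial division followed by Miller-Rabin with random bases."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """p = 2q + 1 with q prime, the shape `openssl dhparam -2` produces.
    Only practical for toy sizes; a 3200-bit group should come from a
    published table or the openssl tool, not from this loop."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def dh_size(p):
    """Byte length of the modulus: what OpenSSL's DH_size(dh) returns."""
    return (p.bit_length() + 7) // 8


class DHParty:
    def __init__(self, p, g=2, exp_bits=None):
        self.p, self.g = p, g
        # exp_bits=None: full-length exponent; a smaller value models the
        # shortened private exponent discussed in the thread.
        bits = exp_bits or p.bit_length()
        while True:
            self.priv = secrets.randbits(bits)
            if 2 <= self.priv <= p - 2:
                break
        self.pub = pow(g, self.priv, p)  # what DH_generate_key computes

    def compute_key(self, peer_pub):
        """DH_compute_key: shared secret as a fixed DH_size(p)-byte string."""
        # In a safe-prime group the only small-order elements are 1 and p-1,
        # so this range check is the whole small-subgroup defence.
        if not 2 <= peer_pub <= self.p - 2:
            raise ValueError("peer public value out of range")
        z = pow(peer_pub, self.priv, self.p)
        return z.to_bytes(dh_size(self.p), "big")


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF-Extract then HKDF-Expand with SHA-256."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_aes128_key(shared_secret, info=b"example AES-128 session key"):
    """The AES key length is set by the KDF output length, not by DH_size."""
    return hkdf_sha256(shared_secret, b"", info, 16)


def run_exchange(bits=128, exp_bits=None):
    """Both sides of one exchange: (p, secret_a, secret_b, key_a, key_b)."""
    p = generate_safe_prime(bits)
    alice, bob = DHParty(p, 2, exp_bits), DHParty(p, 2, exp_bits)
    za, zb = alice.compute_key(bob.pub), bob.compute_key(alice.pub)
    return p, za, zb, derive_aes128_key(za), derive_aes128_key(zb)


if __name__ == "__main__":
    p, za, zb, ka, kb = run_exchange(128, exp_bits=64)
    print("DH_size:", dh_size(p), "bytes; secrets agree:", za == zb)
    print("AES-128 key:", ka.hex(), "keys agree:", ka == kb)
```

One caveat when mapping this back to the C API: OpenSSL's DH_compute_key writes the secret with leading zero bytes stripped and returns the actual length, while DH_compute_key_padded (later releases) keeps the full DH_size width as the example does; either way the raw secret goes into a KDF and is never copied directly into the AES key buffer.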