2011/4/19 Dave Thompson <dthomp...@prinpay.com> > > From: owner-openssl-us...@openssl.org On Behalf Of ikuzar > > Sent: Monday, 18 April, 2011 11:01 > > > I 'd like to know the length of DH session key generated by > > DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) . > > Here : http://www.openssl.org/docs/crypto/DH_generate_key.html > > It is said that key must point to DH_size(dh) bytes of memory. > > is 128 bits the default length ? how can I adjust this length > > according the symetric-key algorithm I use ( AES128/ICM) > > The size of both private (x) and public (y) values in DH > is the same as the size of the prime P or very nearly. > If the parameters were generated with openssl commandline > 'dhparam' the default size of P was 512 bits, which is > probably not secure.
If P = 512 bits is not secure so shared key ( 512 bits ) generated with this P is not secured. Necessarily, shared key with 128 bits is not secured, and then AES 128 is not secured .... ? I am confused... Is there any way to understand in 2, 3 words how to generate a shared key with 128 bits length from Dh params ? For example g = 2, P = 128 => shared key length = 128 Thanks, Ikuzar > (I know factoring thus RSA up to > 700-something is broken; I haven't heard of results for > discrete-log thus DH and DSA, but on my limited knowledge > of number theory I think it should be about the same.) > > (Good) asymmetric algorithms need more bits for comparable > security than (good) symmetric ones. Experts do not agree > on an exact correspondence, but in (very) rough terms > elliptic-curve algs are about 2x symmetric, and traditional > asymmetric (RSA, DH, DSA, etc) are in the vicinity of 20x. > > NIST Special Publication 800-57 available under csrc.nist.gov > seems to be a good reflection of reasonably current thinking. > There is or at least was a few years ago an independent site > with the consensus of leading academic crypto researchers, > but I can't find it now. > > (If you don't know it, NIST = National Institute for Science > and Technology is a part of the US government Department of > Commerce; it was formerly NBS National Bureau of Standards.) > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
