Hi, On 3 April 2017 at 23:14, Selva Nair <selva.n...@gmail.com> wrote: > > > On Mon, Apr 3, 2017 at 4:43 PM, David Sommerseth > <open...@sf.lists.topphemmelig.net> wrote: >> >> On 03/04/17 16:12, Jan Just Keijser wrote: >> > Hi Samuli, >> > >> > On 03/04/17 15:53, Samuli Seppänen wrote: >> >> On 02/04/2017 10:57, Steffan Karger wrote: > > > snip.. > >> >> >>> DSA is _not_ a preferred choice. The original 1024-bit DSA is too >> >>> weak >> >>> nowadays, and the 'larger' DSA variants are not even close to the wide >> >>> support that RSA has. >> >>> >> >>> -Steffan >> >>> >> >> Hi, >> >> >> >> I've issue a pull request here and review would be appreciated: >> >> >> >> <https://github.com/OpenVPN/easy-rsa-old/pull/1> >> >> >> >> I tested these changes on Debian 8 which has OpenSSL-1.0.1. Key size >> >> was >> >> set to 4096-bits and signature algorithm to SHA256WithRSAEncryption. >> >> >> >> The only real issue was DH parameter generation: it took ~25 minutes on >> >> my Intel i5 laptop. Is that acceptable default behavior? >> >> >> > what kind of i5 is this? on my i7-4810 it took 5 minutes. Can you give >> > the full CPUID string (from /proc/cpuinfo) ? then I can >> > guestimate whether the 25 minutes is realistic for slower hardware. >> >> I've run a a couple of "quick" tests ... on a two different laptops >> >> --- test 1 ---------------------------------------------------------- >> $ time openssl gendh -out test 4096 >> [...snip...] >> >> real 35m40.098s >> user 35m38.922s >> sys 0m0.367s >> $ cat /proc/cpuinfo | grep model\ name | uniq -c >> 4 model name : Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz > > > 4096 bit "strong" prime is indeed an intensive computation.. Is using > -dsaparam option not secure enough? > > openssl dhparam -dsaparam -out test 4096 > > is 15 seconds vs forever without it on my ancient desktop.
From the openssl man page: "Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise." This means that if for some reason a non-ephemeral diffie-hellman cipher suite is selected, you are at risk of these attacks. If you are worried about the parameter generation time, just use one of the IETF-provided parameters, e.g: https://tools.ietf.org/html/rfc7919#appendix-A.2 But beware that using larger groups does not only slow down parameter generation, it also slows down connection setup. ECDH is much faster, but if you need to use DH, do some performance tests before blindly using 4096-bits parameters. -Steffan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
