Thomas Shaddack wrote:
>
> I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
> the SSL certificate. The DH cipher suite is enabled.
>
> Is it safe to keep one prime there forever, or should I rather
> periodically regenerate it? Why? If yes, what's some sane period to do
If your
> prime is 2000 bits,
> then that should be safe for the foreseeable future,
> unless quantum
> computers turn out to be practical for breaking
> moduli of this size.
Discrete Logarithms in GF(2^607)have been calculated
over polynomial basis.
http://listserv.nodak.edu/scripts/wa.exe?A2=in
Thomas Shaddack writes:
> I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
> the SSL certificate. The DH cipher suite is enabled.
>
> Is it safe to keep one prime there forever, or should I rather
> periodically regenerate it? Why? If yes, what's some sane period to do so:
hi,
In Diffie Hellman key exchange we choose a large prime
in Fp. The prime is publicly known,so is g,preferably
a generator in Fp*.
The reason that you might need to change the prime
frequently is only if you donot choose g(element of)Fp
to be a generator in Fp or the prime field be too
small.
I
I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
the SSL certificate. The DH cipher suite is enabled.
Is it safe to keep one prime there forever, or should I rather
periodically regenerate it? Why? If yes, what's some sane period to do so:
day, week, month?
If the advers
