non-prime and small subgroup DH #40
Comments
Sounds good.
I'd probably go with "small subgroup" for the first one. there are primes for which even the best possible generator generates a small subgroup, and the size of the subgroup is what makes the parameters weak. you could go even smaller than a 31-bit subgroup, but really there's no reason not to use a safe prime for DH. clients that support DH really should do a BPSW test on p and (p-1)/2 and reject the parameters if either one comes back composite.
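The check proposed in the comment above, written out as an added example (not code from this thread or from the project): a Baillie-PSW test, meaning a strong base-2 test plus a strong Lucas test with Selfridge parameters, applied to p and (p-1)/2. All function names are hypothetical.

```python
from math import isqrt

def jacobi(a, n):                      # Jacobi symbol (a/n), n odd and positive
    a, r = a % n, 1
    while a:
        while a % 2 == 0:
            a, r = a // 2, -r if n % 8 in (3, 5) else r
        if a % 4 == 3 and n % 4 == 3:
            r = -r
        a, n = n % a, a
    return r if n == 1 else 0

def split(m):                          # m = d * 2**s with d odd
    s = (m & -m).bit_length() - 1
    return m >> s, s

def strong_base2(n):                   # strong probable-prime test, base 2
    d, s = split(n - 1)
    x = pow(2, d, n)
    return x in (1, n - 1) or any((x := x * x % n) == n - 1 for _ in range(s - 1))

def strong_lucas(n):                   # Selfridge parameters: P = 1, Q = (1 - D) / 4
    D = 5
    while (j := jacobi(D, n)) != -1:   # try D = 5, -7, 9, -11, ...
        if j == 0:
            return False               # D shares a factor with n
        D = -D - 2 if D > 0 else -D + 2
    Q, (d, s) = (1 - D) // 4, split(n + 1)
    half = lambda v: (v + n if v % 2 else v) // 2 % n     # v / 2 mod n
    U, V, Qk = 1, 1, Q % n             # U_1, V_1, Q^1
    for bit in bin(d)[3:]:
        U, V, Qk = U * V % n, (V * V - 2 * Qk) % n, Qk * Qk % n   # index k -> 2k
        if bit == "1":
            U, V, Qk = half(U + V), half(D * U + V), Qk * Q % n   # index k -> k + 1
    ok = U == 0                        # pass if U_d == 0 or some V_(d * 2**r) == 0
    for _ in range(s):
        ok, V, Qk = ok or V == 0, (V * V - 2 * Qk) % n, Qk * Qk % n
    return ok

def bpsw(n):                           # Baillie-PSW probable-prime test
    for q in range(2, 53):             # trial division settles every n < 53**2
        if n % q == 0:
            return n == q
    if n < 53 * 53:
        return n > 1
    return isqrt(n) ** 2 != n and strong_base2(n) and strong_lucas(n)

def is_safe_prime(p):                  # hypothetical client check: p and (p-1)/2 prime
    return bpsw(p) and bpsw((p - 1) // 2)
```

With constructed inputs: `is_safe_prime(5639)` is true (5639 = 2*2819 + 1, both prime), while `2**127 - 1` is prime but is rejected because (p-1)/2 = 2**126 - 1 is composite.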
Would you like to make a pull request with these? It should be pretty easy to copy this PR.
Mumble mumble performance mumble.
that's why i said "BPSW" instead of "ECPP"...
Merged via PR #45.
most (all?) clients will accept very bad DH parameters, such as (31-bit subgroup):
or (not prime):