Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Speed up DH Parameter generation. #21

Closed
lewisgoddard opened this issue Jun 11, 2018 · 3 comments
Closed

Speed up DH Parameter generation. #21

lewisgoddard opened this issue Jun 11, 2018 · 3 comments
Assignees
@lewisgoddard
Labels
🤕 Status: Won't Fix 🚩 Priority: High

Comments

@lewisgoddard
Copy link
Member

lewisgoddard commented Jun 11, 2018
edited

Option 1: Use the dsaparam flag on generation.

The reasonable solution would be to add the -dsaparam option.

openssl dhparam -dsaparam -out /etc/ssl/private/dhparam.pem 4096

This option instructs OpenSSL to produce "DSA-like" DH parameters (p is such that p-1 is a multiple of a smaller prime q, and the generator has multiplicative order q). This is considerably faster because it does not need to nest the primality tests, and thus only thousands, not millions, of candidates will be generated and tested.

As far as academics know, DSA-like parameters for DH are equally secure; there is no actual advantage to using "strong primes" (the terminology is traditional and does not actually imply some extra strength).

Similarly, you may also use a 2048-bit modulus, which is already very far into the "cannot break it zone". The 4096-bit modulus will make DH computations slower (which is not a real problem for a VPN; these occur only at the start of the connection), but won't actually improve security.

To some extent, a 4096-bit modulus may woo auditors, but auditors are unlikely to be much impressed by a Raspberry-Pi, which is way too cheap anyway.

Source

Option 2. Use a service

curl https://2ton.com.au/dhparam/4096

Option 3. Install a randomness generator like rng-tools

See https://www.cyberciti.biz/open-source/debian-ubuntu-centos-linux-setup-additional-entropy-for-server-using-aveged-rng-tools-utils/
@lewisgoddard
Copy link
Member Author

Are DSA-like parameters for DH equally secure? If so, that's one easy flag so significantly speed things up.

@lewisgoddard
Copy link
Member Author

lewisgoddard commented Jun 14, 2018
edited

If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation.

DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.

Source: Linux Man Page

@lewisgoddard
Copy link
Member Author

None of these options seem perfectly secure or guaranteed to work, so I'm going to leave it as is for now.

@lewisgoddard lewisgoddard self-assigned this Jun 14, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lewisgoddard lewisgoddard

Labels
🤕 Status: Won't Fix 🚩 Priority: High
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lewisgoddard