[12809] in cryptography@c2.net mail archive
Re: Diffie-Hellman 128 bit
daemon@ATHENA.MIT.EDU (Hagai Bar-El)
Mon Mar 24 10:22:36 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Thu, 20 Mar 2003 14:56:33 +0200
To: NOP <nop@trapped-under-ice.com>
From: Hagai Bar-El <info@hbarel.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: <006201c2e9aa$54768200$6f42420a@lanwan>
At 13/03/03 23:48, you wrote:
>I am looking at attacks on Diffie-Hellman.
>
>The protocol implementation I'm looking at designed their diffie-hellman
>using 128 bit primes (generated each time, yet P-1/2 will be a prime, so no
>go on pohlig-hellman attack), so what attacks are there that I can look at
>to come up with either the logarithm x from (a=g^x mod p) or the session key
>that is
>calculated. A brute force wouldn't work, unless I know the starting range.
>Are there any realistic
>attacks on DH parameters of this size, or is theoretically based on
>financial computation attacks?
You can find good explanation for the rationale behind Diffie-Hellman
parameters as well as general precautions for implementation in a good
paper called "Security Issues in the Diffie-Hellman Key Agreement Protocol"
You can find it in: http://citeseer.nj.nec.com/483430.html
Regards,
Hagai.
Hagai Bar-El - Information Security Analyst
Tel.: 972-8-9354152 Fax.: 972-8-9354152
E-mail: info@hbarel.com Web: www.hbarel.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
