Re: D-H key exchange - how does it work?



Eric Hughes, replying to somebody, says:
>    It takes hours and hours of searching to find
>    a 1024 bit strong prime on a workstation.  Granted, you don't need to change
>    very often perhaps, but some people would like to change every day.  

> If they really want to change that often, they can buy a dedicated
> machine.  There's no good cryptographic reason to change that often,
> if the modulus is large enough.  In addition, changing the modulus can
> have unpleasant effects on traffic analysis, if not done properly.

For basic PGP mail, there's no need to change keys that often.
There are other applications, though, that tend to want new keypairs 
on each transaction, and looking for strong primes would make them
much more annoying, if strong primes matter with the current factoring
algorithms...

		Bill