Re: [TLS] Short Ephemeral Diffie-Hellman keys
I have recently started to see an increasing number of reports about
SSL/TLS servers using short Ephemeral Diffie-Hellman keys, in some cases
very short ones.
The short DHE keys I have seen have usually been 512 bits, but I have
seen servers sending keys as short as 256 bits.
This is probably the result of an administrator not wanting to wait
the extra 30 seconds to generate a strong key. If the server is
set up to generate a key on startup, it may not start listening for
connections until it has completed the task.
I recall (hopefully correctly) that a 1536-bit D-H key provides the
equivalent of about 90-120 bits of security. I would guess that a
512-bit or 256-bit key is down in the EXPORT category of security.
This is a terrible trend.
Mike
_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
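
An added example, not part of the original message or of any project discussed in the thread: a check that reads the ServerDHParams structure at the start of a TLS 1.0-1.2 DHE ServerKeyExchange body (dh_p, dh_g, dh_Ys, each with a 2-byte length prefix) and reports the size of the modulus the server sent. The 2048-bit floor, the function names and the sample bodies are assumptions made for the illustration; the sample moduli are constructed values of the right size, not real primes.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy floor; the thread itself names no threshold


def read_opaque16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("vector length does not fit the message")
    return int.from_bytes(buf[off:off + n], "big"), off + n


def audit_dhe(body, min_bits=MIN_DH_BITS):
    """Return (modulus bit length, findings) for a ServerDHParams body."""
    p, off = read_opaque16(body, 0)     # dh_p
    g, off = read_opaque16(body, off)   # dh_g
    ys, off = read_opaque16(body, off)  # dh_Ys (a signature may follow; ignored)
    bits = p.bit_length()  # significant bits only, so zero padding is not credited
    findings = []
    if bits < min_bits:
        findings.append(f"dh_p is {bits} bits, below {min_bits}")
    if p % 2 == 0:
        findings.append("dh_p is even")
    if not 1 < g < p - 1:
        findings.append("dh_g out of range")
    if not 1 < ys < p - 1:
        findings.append("dh_Ys out of range")
    return bits, findings


def encode(p, g, ys, pad=0):
    """Build a constructed ServerDHParams body; pad adds leading zero bytes to dh_p."""
    out = b""
    for value, extra in ((p, pad), (g, 0), (ys, 0)):
        raw = b"\x00" * extra + value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed moduli of the right size only; they are not real primes.
SAMPLE_512 = encode((1 << 511) | 1, 2, 4)
SAMPLE_PADDED = encode((1 << 511) | 1, 2, 4, pad=192)  # 256 bytes on the wire
SAMPLE_2048 = encode((1 << 2047) | 1, 2, 4)

if __name__ == "__main__":
    for name, body in (("512", SAMPLE_512), ("padded", SAMPLE_PADDED), ("2048", SAMPLE_2048)):
        print(name, audit_dhe(body))
```

The padded sample shows why the check measures the integer rather than the length field: a 512-bit modulus sent in a 256-byte vector is still reported as 512 bits.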