[TLS] Re: Short Ephermal Diffie-Hellman keys

To: Dr Stephen Henson <lists at drh-consultancy.demon.co.uk>
Subject: [TLS] Re: Short Ephermal Diffie-Hellman keys
From: Simon Josefsson <simon at josefsson.org>
Date: Tue, 15 May 2007 14:58:01 +0200
Cc: tls at lists.ietf.org
In-reply-to: <4649A374.8040805@drh-consultancy.demon.co.uk> (Stephen Henson's message of "Tue\, 15 May 2007 13\:11\:32 +0100")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <op.tsa3n9ttqrq7tp@nimisha.oslo.opera.com> <46488F24.4020304@pobox.com> <B356D8F434D20B40A8CEDAEC305A1F24041FA7FF@esebe105.NOE.Nokia.com> <4649A374.8040805@drh-consultancy.demon.co.uk>
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.0.95 (gnu/linux)

Dr Stephen Henson <lists at drh-consultancy.demon.co.uk> writes:

> Pasi.Eronen at nokia.com wrote:
>> Mike wrote:
>> 
>>> This is probably the result of an administrator not wanting to
>>> wait the extra 30 seconds to generate a strong key.  If the
>>> server is set up to generate a key on startup, it may not start
>>> listening for connections until it has completed the task.
>> 
>> Generating a 1024-bit DH key on a modern PC takes less 
>> than 30 _milli_seconds, so I doubt this is the real reason 
>> (unless the implementation is really, really stupid).
>> 
>
> The 30 seconds reference should be for DH _parameter_ generation (which
> some servers perform on start up) rather than key generation.

Furthermore, getting the entropy needed to generate DH parameters can be
the bottleneck, especially on servers that also consume entropy for
incoming connections.

Some applications that use GnuTLS (I believe Exim is an example) have a
separate script invoked once every day (or similar) to re-generate the
DH parameters.  This approach works fine even if getting the entropy is
a bottle-neck, since it allows servers to continue to run using the
earlier DH parameters until the new parameters have been generated.

/Simon

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- RE: [TLS] Re: Short Ephermal Diffie-Hellman keys
  - From: Pasi.Eronen

References:
- [TLS] Short Ephermal Diffie-Hellman keys
  - From: Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Short Ephermal Diffie-Hellman keys
  - From: Mike
- RE: [TLS] Short Ephermal Diffie-Hellman keys
  - From: Pasi.Eronen
- Re: [TLS] Short Ephermal Diffie-Hellman keys
  - From: Dr Stephen Henson

Prev by Date: Re: [TLS] Short Ephermal Diffie-Hellman keys
Next by Date: Re: [TLS] Short Ephermal Diffie-Hellman keys
Previous by thread: Re: [TLS] Short Ephermal Diffie-Hellman keys
Next by thread: RE: [TLS] Re: Short Ephermal Diffie-Hellman keys
Index(es):
- Date
- Thread

[TLS] Re: Short Ephermal Diffie-Hellman keys

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.