[TLS] Re: Short Ephemeral Diffie-Hellman keys

Simon Josefsson <simon@josefsson.org> Tue, 15 May 2007 12:58 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Dr Stephen Henson <lists@drh-consultancy.demon.co.uk>
Cc: tls@lists.ietf.org
Date: Tue, 15 May 2007 14:58:01 +0200
In-Reply-To: <4649A374.8040805@drh-consultancy.demon.co.uk> (Stephen Henson's message of "Tue, 15 May 2007 13:11:32 +0100")
Message-ID: <87y7jqckh2.fsf@mocca.josefsson.org>

Dr Stephen Henson <lists@drh-consultancy.demon.co.uk> writes:

> Pasi.Eronen@nokia.com wrote:
>> Mike wrote:
>> 
>>> This is probably the result of an administrator not wanting to
>>> wait the extra 30 seconds to generate a strong key.  If the
>>> server is set up to generate a key on startup, it may not start
>>> listening for connections until it has completed the task.
>> 
>> Generating a 1024-bit DH key on a modern PC takes less
>> than 30 _milli_seconds, so I doubt this is the real reason
>> (unless the implementation is really, really stupid).
>> 
>
> The 30 seconds reference should be for DH _parameter_ generation (which
> some servers perform on start up) rather than key generation.

Furthermore, getting the entropy needed to generate DH parameters can be
the bottleneck, especially on servers that also consume entropy for
incoming connections.

Some applications that use GnuTLS (I believe Exim is an example) have a
separate script invoked once every day (or similar) to regenerate the
DH parameters.  This approach works fine even if getting the entropy is
a bottleneck, since it allows servers to continue to run using the
earlier DH parameters until the new parameters have been generated.

/Simon
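One way to implement the out-of-band regeneration described above, as an added shell example that is not from the thread, from Exim or from GnuTLS (the `openssl dhparam` default, the variable names and the file layout are assumptions): parameters are generated into a temporary file and only renamed over the live file once they are complete, so a slow or entropy-starved generation never leaves the server without usable parameters.

```shell
#!/bin/sh
# Out-of-band DH parameter rotation (added example; assumptions noted).
# Meant to run from cron; the TLS server keeps reading the current file
# until the new one is atomically renamed into place, so a slow safe-prime
# search or a drained entropy pool never blocks startup or connections.

# The generator command is overridable (assumption) so the rotation logic
# can be exercised without openssl; the default is `openssl dhparam -out`.
: "${DH_GENERATOR:=openssl dhparam -out}"
: "${DH_BITS:=2048}"

# rotate_dh_params TARGET
#   Generates into TARGET.tmp.<pid>, rejects an empty result, then renames
#   over TARGET (rename(2) is atomic on POSIX).  Returns 1 on any failure,
#   in which case TARGET is left exactly as it was.
rotate_dh_params() {
    target=$1
    tmp="$target.tmp.$$"
    dir=$(dirname "$target")
    [ -d "$dir" ] || mkdir -p "$dir" || return 1

    # Word-splitting of $DH_GENERATOR is intentional: it is a command line.
    if ! $DH_GENERATOR "$tmp" "$DH_BITS"; then
        rm -f "$tmp"
        return 1
    fi
    # Guard against a generator that exited 0 but wrote nothing.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    # Restrict permissions before publishing, then swap atomically.
    chmod 0644 "$tmp" || { rm -f "$tmp"; return 1; }
    if mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# When invoked with a path (e.g. from cron), rotate that file.
if [ -n "${1:-}" ]; then
    rotate_dh_params "$1" || exit 1
fi
```

Point the server's DH parameter setting at the target path; it will pick up the new file on its next reload or, for servers that re-read the file per process, on the next worker start.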
