[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [iaik-jce] DH very slow
On 27 May 99 at 12:26, email@example.com wrote:
> I'm generating Diffie-Hellman parameters with a length of 1024 bits, and after,
> the keypair. All the process has a duration of 7 minutes in a Pentium II 350
> with Windows 98 and 64 MBytes of RAM.
That's because the secure random generator takes a long time to
calculate a large number and assure (with some uncertainty) that it
is a prime.
It would be much better to use well known good primes. RFC 2412 lists a
number of them (768, 1024 and 1536 bits). These primes have been
tested for a number of other properties that makes them more secure
that the ones generated at runtime. The fact that they are 'known'
primes does not make it less secure, because of the inherent
properties of DH.
> Is it possible to reduce the time of this process?
It sould! But that would mean a little work for IAIK to extend the
interface to allow to pass known primes or oakley group number to
select one of the build-in known good primes to the DH constructor.
Because of this lacking property, and the in-ability to exchange the
bare PublicKey, I had to create my own implementation of DH.
Robert Luursema R.Luursema@incaa.nl Incaa Datacom b.v.
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html
To unsubscribe send an email to firstname.lastname@example.org with the folowing content: UNSUBSCRIBE iaik-jce