[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] DH very slow

On 27 May 99 at 12:26, david.sanchez@catalanaocci.es wrote:
> I'm generating Diffie-Hellman parameters with a length of 1024 bits, and after,
> the keypair. All the process has a duration of 7 minutes in a Pentium II 350
> with Windows 98 and 64 MBytes of RAM.

That's because the secure random generator takes a long time to 
calculate a large number and assure (with some uncertainty) that it 
is a prime.
It would be much better to use well known good primes. RFC 2412 lists a 
number of them (768, 1024 and 1536 bits). These primes have been 
tested for a number of other properties that makes them more secure 
that the ones generated at runtime. The fact that they are 'known' 
primes does not make it less secure, because of the inherent 
properties of DH.

> Is it possible to reduce the time of this process?

It sould! But that would mean a little work for IAIK to extend the 
interface to allow to pass known primes or oakley group number to 
select one of the build-in known good primes to the DH constructor.

Because of this lacking property, and the in-ability to exchange the 
bare PublicKey, I had to create my own implementation of DH.

Robert Luursema          R.Luursema@incaa.nl         Incaa Datacom b.v.
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce