[Help-gnutls] Security of RSA params
From: Stephen Frost
Subject: [Help-gnutls] Security of RSA params
Date: Fri, 25 Jul 2003 11:20:38 -0400
User-agent: Mutt/1.5.4i

Greetings,

In the source code I see places where the RSA params are generated and
there are comments like "Only do this every day, or every 500 connects"
or similar. I'd like to understand what the story with these params
is. It seems they need to be regenerated every so often for the
system to not be compromised, but exactly what would happen if they
were, and how hard is it for them to be?

What I'm wondering, specifically, is this: Are these params given to
the client at some point? Can they be used to derive the session key?
Most importantly: Can one client decrypt another client's session
trivially if the same RSA params are used for both?

OpenLDAP has been ported to use GNU TLS but it is currently not
explicitly generating/setting the RSA params. From what I've read,
these params are probably generated on the fly by GNU TLS for every
session because of this. This causes a significant increase in the
CPU utilization of the slapd processes. Other programs (exim, for
example) appear to generate these params and then save them for use
with multiple sessions. Should OpenLDAP do the same? Would security
be compromised by doing this?

Many thanks,

Stephen