[Jessie-discuss] FYI: Diffie Hellman parameters
From: Casey Marshall
Subject: [Jessie-discuss] FYI: Diffie Hellman parameters
Date: Tue, 11 Oct 2005 20:47:32 -0700

I've noticed that the default Diffie Hellman parameters -- "group 18"
-- take a very long time to create session keys, even when run
compiled with GCJ. This causes Firefox to time out (Mozilla browsers
use DH key exchanges before RSA ones, it seems). These parameters are
very large, so it is probably one of:
- A really slow random number generator.
- A really slow BigInteger implementation.
that's causing this problem (I'm pretty sure Classpath has both of
these). The solution is to specify a different group with the
"jessie.key.dh.group" security property, e.g.:

    Security.setProperty ("jessie.key.dh.group", "5");

This comes at a cost of security margin (smaller numbers use smaller
primes), but for most applications, group 5 is probably good enough.
I'm going to change the default group to something smaller; group 5
looks good to me, a key exchange takes about 3 sec with GCJ
BC-compiled GNU Crypto and Jessie.
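
Added example, not part of the original message or of Jessie's code: a Java probe that times the two suspects named above (random number generation and BigInteger.modPow) separately at two modulus sizes. It assumes Jessie's group numbers follow RFC 3526 (group 5 = 1536 bits, group 18 = 8192 bits), uses full-length private exponents, and substitutes constructed odd moduli for the real primes; DhCostProbe and constructedModulus are hypothetical names.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

// Added example: measures RNG cost and modPow cost separately so the slow
// component on a given runtime (e.g. GCJ with Classpath) can be identified.
public class DhCostProbe {
    // Assumption: RFC 3526 numbering, {group number, modulus size in bits}.
    static final int[][] GROUPS = { {5, 1536}, {18, 8192} };

    // Constructed odd modulus of the requested bit length. It is NOT the RFC
    // prime and must never be used for a real exchange; modPow cost depends
    // on operand size, not on primality.
    static BigInteger constructedModulus(int bits, SecureRandom rnd) {
        return new BigInteger(bits, rnd).setBit(bits - 1).setBit(0);
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(new byte[1]); // seed up front so seeding is not charged to group 5
        BigInteger g = BigInteger.valueOf(2);

        for (int[] grp : GROUPS) {
            int bits = grp[1];
            BigInteger p = constructedModulus(bits, rnd);
            // Constructed stand-in for the peer's public value.
            BigInteger peer = new BigInteger(bits - 1, rnd).setBit(1);

            long t0 = System.nanoTime();
            // Suspect 1: random number generator (private exponent).
            // Assumption: full-length exponent, the worst case for cost.
            BigInteger x = new BigInteger(bits, rnd);
            long t1 = System.nanoTime();
            // Suspect 2: BigInteger arithmetic (public value g^x mod p).
            BigInteger y = g.modPow(x, p);
            long t2 = System.nanoTime();
            // Second exponentiation of the exchange (shared secret).
            BigInteger secret = peer.modPow(x, p);
            long t3 = System.nanoTime();

            System.out.printf(
                "group %d (%d bits): rng %.1f ms, public %.1f ms, secret %.1f ms (%d/%d bits out)%n",
                grp[0], bits, (t1 - t0) / 1e6, (t2 - t1) / 1e6, (t3 - t2) / 1e6,
                y.bitLength(), secret.bitLength());
        }
    }
}
```

Run it on the same runtime that serves the handshakes; the split between the rng and modPow columns shows which of the two components accounts for the group 18 delay.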