Date: Thu, 22 Oct 2015 23:41:39 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Prime example of a can of worms

On Thu 2015-10-22 19:37:49 -0400, Kurt Seifried wrote:
> Sorry when I said a "large" pool I meant more than the current 5 or so that
> seem to be in popular use, but certainly not more than a few hundred.

ok, that's a relief :)

but, running the numbers, even 100 hundred 2048-bit groups comes out to
a quarter MiB of RAM. (i figure 256 bytes per prime, a well-known,
shared generator) Larger groups (or more groups) inflate the size even
further. I know RAM is cheap these days but for embedded devices a
quarter meg or more of RAM is still not insignificant.

> Basically we're in agreement, I think nothing under 2048 should even be
> considered, and we probably need to bump that up in a few years anyways.

yep, agreed.

> I've also been going through source code to see how people use dh
> params/treat them, and I have some worrying results (basically what I
> expected though, everything is terrible as usual)

:/

> I'm going to be writing this up as an article rather than a long email as I
> have a few more sticky points to raise (security rabbit holes are so much
> fun).

I look forward to reading it.

--dkg