Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Oct 2015 23:41:39 -0400
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: Re: Prime example of a can of worms

On Thu 2015-10-22 19:37:49 -0400, Kurt Seifried wrote:
> Sorry when I said a "large" pool I meant more then the current 5 or so that
> seem to be in popular use, but certainly not more than a few hundred.

ok, that's a relief :) but, running the numbers, even 100 hundred
2048-bit groups comes out to a quarter MiB of RAM.  (i figure 256 bytes
per prime, a well-known, shared generator)

Larger groups (or more groups) inflate the size even further.  I know
RAM is cheap these days but for embedded devices a quarter meg or more
of RAM is still not insignificant.

> Basically we're in agreement, I think nothing under 2048 should even be
> considered, and we probably need to bump that up in a few years anyways.

yep, agreed.

> I've also been going through source code to see how people use dh
> params/treat them, and I have some worrying results (basically what I
> expected though, everything is terrible as usual)

:/

> I'm going to be writing this up as an article rather than a long email as I
> have a few more sticky points to raise (security rabbit holes are so much
> fun).

I look forward to reading it.

  --dkg

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ