Date: Thu, 22 Oct 2015 23:41:39 -0400 From: Daniel Kahn Gillmor <dkg@...thhorseman.net> To: Kurt Seifried <kseifried@...hat.com> Cc: oss-security <oss-security@...ts.openwall.com> Subject: Re: Prime example of a can of worms On Thu 2015-10-22 19:37:49 -0400, Kurt Seifried wrote: > Sorry when I said a "large" pool I meant more then the current 5 or so that > seem to be in popular use, but certainly not more than a few hundred. ok, that's a relief :) but, running the numbers, even 100 hundred 2048-bit groups comes out to a quarter MiB of RAM. (i figure 256 bytes per prime, a well-known, shared generator) Larger groups (or more groups) inflate the size even further. I know RAM is cheap these days but for embedded devices a quarter meg or more of RAM is still not insignificant. > Basically we're in agreement, I think nothing under 2048 should even be > considered, and we probably need to bump that up in a few years anyways. yep, agreed. > I've also been going through source code to see how people use dh > params/treat them, and I have some worrying results (basically what I > expected though, everything is terrible as usual) :/ > I'm going to be writing this up as an article rather than a long email as I > have a few more sticky points to raise (security rabbit holes are so much > fun). I look forward to reading it. --dkg
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.