IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [TLS] MODP group modulus derivation [was: Re: I can has SHA-1 hashes for RFC 2409/3526 MODP groups?]
Daniel Kahn Gillmor <dkg%fifthhorseman.net@localhost> writes:
>It's not clear to me that there is any advantage in a DH key exchange to
>using the RFC 5114 discrete log groups.
There's actually an enormous disadvantage to using those groups, the RFC 3526
and earlier MODP groups set the generator to 2, which is quite efficient to
work with. RFC 5114 uses a generator of the same size as the prime, which is
stunningly inefficient (I've referred to the 5114 groups as the "WTF groups"
in code in the past). I have no idea why the RFC would choose such an awful
generator...
Peter.
Home |
Main Index |
Thread Index |
Old Index