hi,

In Diffie Hellman key exchange we choose a large prime
in Fp. The prime is publicly known,so is g,preferably
a generator in Fp*.

The reason that you might need to change the prime
frequently is only if you donot choose g(element of)Fp
to be a generator in Fp or the prime field be too
small.
If the attacker knows the prime factorization of p-1,
where p-1=q_1*q_2*...*q_n,he can compute which of
 g^((p-1)/q_i)== 1 mod p and determine the order of g.
If it has a lower order, the attack is easier.

If you choose g of maximum order in Fp, then you will
have maximum security.

> physical retrieval of the DH prime (and the rest of
> the certificate) allow
> him to decode the captured log?

The diffie-hellman key exchange works under the
assumption that knowing only g^a and g^b, it is
computationaly infeasible for the attacker to
calculate g^(ab) and breaking it is conjenctured to be
as hard as the discrete log problem.

Sarath.


        
                
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/

Reply via email to