Look, the typical way you'd use the DH shared secret would be to hash
it using an appropriate hash function.  I personally like using Tiger
with AES-192, YMMV.

On Tue, Apr 19, 2011 at 3:56 PM, ikuzar <razuk...@gmail.com> wrote:
> So, do I have to generate a prime with length = 3200 bits (the
> corresponding exponent will belong to the 3200-bit MODP group) in order to
> generate an AES 128 session key? (I use 2 as generator.)
> Here, http://tools.ietf.org/html/rfc3526, it is said:
>    "The new Advanced Encryption Standard (AES) cipher [AES], which has
>    more strength, needs stronger groups.  For the 128-bit AES we need
>    about a 3200-bit group [Orman01]. ..;"
> In this IETF, 6 MODP groups are exposed. 3200-bit is not among these
> groups...
> Concretely, what should I write to obtain an AES 128 session key? I wrote
> something like this (in command line):
> openssl dhparam -outform PEM -out dhParams.pem -2 3200
> Then I decode dhParams.pem into internal C struct: dh. Then I
> call DH_generate_key(DH *dh);
> , then DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); with the
> peer pub_key
> and I finally want to store this session key at key
>
>
> 2011/4/19 Michael Sierchio <ku...@tenebras.com>
>>
>> Addendum - depending on the use of DH (usually using the DH shared
>> secret as a basis for key exchange), the choice of prime is more
>> important than private exponent length.  Safe primes or strong primes
>> are warranted.  Most systems use small generators (e.g., 2).
>>
>> - M
>>
>> On Mon, Apr 18, 2011 at 7:25 PM, Mike Mohr <akih...@gmail.com> wrote:
>> > You might take a look at RFC 3526:
>> >
>> > http://tools.ietf.org/html/rfc3526
>> >
>> > It is my understanding that the DH exponent can be significantly
>> > shorter than the modulus without compromising security.  RFC 3526 is
>> > from 2003, but I haven't found anything published since then that
>> > would make me think its assertions are invalid or outdated.  The
>> > paranoid tinfoil hat crowd can probably take twice the maximum bit
>> > count from section 8 (620x2=1240) and be happy.
>> >
>> > Mike
>> >
>> > On Mon, Apr 18, 2011 at 8:01 AM, ikuzar <razuk...@gmail.com> wrote:
>> >> Hello,
>> >> I'd like to know the length of the DH session key generated by
>> >> DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh). Here:
>> >> http://www.openssl.org/docs/crypto/DH_generate_key.html
>> >> it is said that key must point to DH_size(dh) bytes of memory. Is 128
>> >> bits the default length? How can I adjust this length according to the
>> >> symmetric-key algorithm I use (AES128/ICM)?
>> >> Thanks for your help.
>> >>
>> >>
>> > ______________________________________________________________________
>> > OpenSSL Project                                 http://www.openssl.org
>> > User Support Mailing List                    openssl-users@openssl.org
>> > Automated List Manager                           majord...@openssl.org
>> >
>
>
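Added example (not part of the thread and not OpenSSL's code): a Python model of the flow discussed above, where the shared secret is as long as the modulus and the AES-128 key comes from hashing it and keeping 16 bytes. SHA-256 stands in for the hash, and the modulus, the generator 3 and the function names are assumptions made for the demo.

```python
import hashlib
import secrets

# Constructed demo parameters (assumption): 2**521 - 1 is prime, but it is not
# a safe prime and not an RFC 3526 group. Real code loads p and g from
# dhParams.pem.
P = 2**521 - 1
G = 3


def dh_size(p):
    """Byte length of the modulus, i.e. what DH_size(dh) reports in OpenSSL."""
    return (p.bit_length() + 7) // 8


def keypair(p, g):
    """Random private exponent in [2, p-2] and the matching public value."""
    priv = secrets.randbelow(p - 3) + 2
    return priv, pow(g, priv, p)


def shared_secret(peer_pub, priv, p):
    """Compute g^(ab) mod p as a fixed-length, zero-padded byte string."""
    # 0, 1 and p-1 would force a secret an eavesdropper can guess.
    if not 2 <= peer_pub <= p - 2:
        raise ValueError("peer public value out of range")
    z = pow(peer_pub, priv, p)
    # DH_compute_key() writes the secret without leading zero bytes and
    # returns its real length; here it is padded to dh_size(p) so the hash
    # input always has the same length.
    return z.to_bytes(dh_size(p), "big")


def aes128_key(secret):
    """Hash the whole secret, then keep 16 bytes for AES-128."""
    return hashlib.sha256(secret).digest()[:16]


if __name__ == "__main__":
    a_priv, a_pub = keypair(P, G)
    b_priv, b_pub = keypair(P, G)
    k_a = aes128_key(shared_secret(b_pub, a_priv, P))
    k_b = aes128_key(shared_secret(a_pub, b_priv, P))
    print(dh_size(P), "byte secret ->", len(k_a), "byte key, match:", k_a == k_b)
```

The size of the modulus sets the length of the shared secret; the length of the symmetric key is fixed only by the truncation after hashing.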