Ikuzar,

I'm not sure what software you're writing.  Please understand that I'm
not trying to be mean-spirited when I say this, but if you don't
already know the difference between symmetric vs public-key crypto
then you should not be writing this type of code.  Stop doing it until
you have a firm grasp on the basic concepts.  Any code you write now
is nearly guaranteed to be incorrect.  You should take a few months to
read the book I linked you to earlier and really understand the basic
concepts.  You will get much better support from this mailing list
once you do.

Mike

On Wed, Apr 20, 2011 at 3:06 PM, ikuzar <razuk...@gmail.com> wrote:
>
>
> 2011/4/19 Dave Thompson <dthomp...@prinpay.com>
>>
>> >       From: owner-openssl-us...@openssl.org On Behalf Of ikuzar
>> >       Sent: Monday, 18 April, 2011 11:01
>>
>> >       I'd like to know the length of DH session key generated by
>> > DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh) .
>> > Here : http://www.openssl.org/docs/crypto/DH_generate_key.html
>> >       It is said that key must point to DH_size(dh) bytes of memory.
>> > Is 128 bits the default length? How can I adjust this length
>> > according to the symmetric-key algorithm I use ( AES128/ICM)
>>
>> The size of both private (x) and public (y) values in DH
>> is the same as the size of the prime P or very nearly.
>> If the parameters were generated with openssl commandline
>> 'dhparam' the default size of P was 512 bits, which is
>> probably not secure.
>
> If P = 512 bits is not secure so shared key ( 512 bits ) generated with this
> P is not secured. Necessarily, shared key with 128 bits is not secured, and
> then AES 128 is not secured .... ?
> I am confused...
> Is there any way to understand in 2, 3 words how to generate a shared key
> with 128 bits length from DH params ?  For example g = 2, P = 128 => shared
> key length = 128
> Thanks,
> Ikuzar
>
>
>>
>> (I know factoring thus RSA up to
>> 700-something is broken; I haven't heard of results for
>> discrete-log thus DH and DSA, but on my limited knowledge
>> of number theory I think it should be about the same.)
>>
>> (Good) asymmetric algorithms need more bits for comparable
>> security than (good) symmetric ones. Experts do not agree
>> on an exact correspondence, but in (very) rough terms
>> elliptic-curve algs are about 2x symmetric, and traditional
>> asymmetric (RSA, DH, DSA, etc) are in the vicinity of 20x.
>>
>> NIST Special Publication 800-57 available under csrc.nist.gov
>> seems to be a good reflection of reasonably current thinking.
>> There is or at least was a few years ago an independent site
>> with the consensus of leading academic crypto researchers,
>> but I can't find it now.
>>
>> (If you don't know it, NIST = National Institute for Science
>> and Technology is a part of the US government Department of
>> Commerce; it was formerly NBS National Bureau of Standards.)
>>
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>
>
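
Added example, not part of the original thread and not OpenSSL's own code: it shows in Python that the raw DH shared secret is as large as P (the size DH_size(dh) reports), and that a 16-byte AES-128 key is obtained by running that secret through a KDF rather than by shrinking P. The RFC 3526 2048-bit group, HKDF-SHA256 and the `info` label are assumptions chosen for the illustration.

```python
import hashlib, hmac, secrets

def pi_scaled(bits, guard=64):
    """floor(pi * 2**bits), computed with Machin's formula in integers."""
    one = 1 << (bits + guard)
    def atan_inv(x):                      # arctan(1/x) scaled by 'one'
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * atan_inv(5) - atan_inv(239))) >> guard

# Assumption: RFC 3526 group 14 (2048-bit MODP), built from the RFC's formula.
P = 2**2048 - 2**1984 - 1 + 2**64 * (pi_scaled(1918) + 124476)
G = 2
P_BYTES = (P.bit_length() + 7) // 8       # size of P in bytes: 256

def keypair():
    x = secrets.randbelow(P - 3) + 2      # private value in [2, P-2]
    return x, pow(G, x, P)                # (private, public)

def shared_secret(priv, peer_pub):
    if not 2 <= peer_pub <= P - 2:        # reject 0, 1, P-1 and out-of-range
        raise ValueError("invalid peer public value")
    z = pow(peer_pub, priv, P)
    return z.to_bytes(P_BYTES, "big")     # fixed width, as large as P

def hkdf_sha256(ikm, length, salt=b"", info=b""):
    """HKDF (RFC 5869): extract, then expand, with HMAC-SHA256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def aes128_key(priv, peer_pub):
    # The 'info' label is a constructed value for this example.
    secret = shared_secret(priv, peer_pub)
    return hkdf_sha256(secret, 16, info=b"example aes-128 key")

if __name__ == "__main__":
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    print(len(shared_secret(a_priv, b_pub)),
          aes128_key(a_priv, b_pub) == aes128_key(b_priv, a_pub))
```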