On Wed, Aug 20, 2008 at 9:53 AM, Dave Cridland <[EMAIL PROTECTED]> wrote: > On Wed Aug 20 17:38:58 2008, Jonathan Schleifer wrote: >> >> "Eric Rescorla" <[EMAIL PROTECTED]> wrote: >> >> > I must be missing something here: >> > 1. Key generation in DSA-based systems is just as fast as ephemeral >> > DH key generation, as long as you use a pregenerated group. >> > 2. Key generation in RSA-based systems is slower, but still a matter >> > of a second or two on any reasonably modern system. >> >> Oh, generating an OTR key takes a few seconds here, on my 450 MHz >> NetBSD box it even took about an hour, because /dev/random is used >> there. So waiting an hour on some systems is ok for the user? I really >> don't think so >> >> > Well, I strongly suspect that's extreme. A few seconds pause at runtime > would be a little annoying, but given you'd presumably do this during either > the installation or setup phase, I'm not entirely clear what your point is > anyway.
To sharpen this point a little: If you're using Diffie-Hellman, the cost of computing ZZ (the shared key) is rather higher than the cost of generating your own key out of a known group. Similarly, the cost of generating a DSA key out of a known group is quite low. In other words, if the cost of initial key generation at installation time is unacceptable, then you most likely can't do asymmetric cryptography to establish connections either. -Ekr
