oss-sec mailing list archives
Re: Prime example of a can of worms
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 22 Oct 2015 23:41:39 -0400
On Thu 2015-10-22 19:37:49 -0400, Kurt Seifried wrote:
Sorry when I said a "large" pool I meant more then the current 5 or so that seem to be in popular use, but certainly not more than a few hundred.
ok, that's a relief :) but, running the numbers, even 100 hundred 2048-bit groups comes out to a quarter MiB of RAM. (i figure 256 bytes per prime, a well-known, shared generator) Larger groups (or more groups) inflate the size even further. I know RAM is cheap these days but for embedded devices a quarter meg or more of RAM is still not insignificant.
Basically we're in agreement, I think nothing under 2048 should even be considered, and we probably need to bump that up in a few years anyways.
yep, agreed.
I've also been going through source code to see how people use dh params/treat them, and I have some worrying results (basically what I expected though, everything is terrible as usual)
:/
I'm going to be writing this up as an article rather than a long email as I have a few more sticky points to raise (security rabbit holes are so much fun).
I look forward to reading it. --dkg
Current thread:
- Re: Prime example of a can of worms, (continued)
- Re: Prime example of a can of worms Brad Knowles (Oct 20)
- Re: Prime example of a can of worms Kurt Seifried (Oct 20)
- Re: Prime example of a can of worms gremlin (Oct 20)
- Re: Prime example of a can of worms Matthias Weckbecker (Oct 21)
- Re: Prime example of a can of worms Kurt Seifried (Oct 21)
- Re: Prime example of a can of worms Joshua Rogers (Oct 21)
- Re: Prime example of a can of worms Kurt Seifried (Oct 21)
- Re: Prime example of a can of worms Florent Daigniere (Oct 22)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 22)
- Re: Prime example of a can of worms Kurt Seifried (Oct 22)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 22)
- Re: Prime example of a can of worms gremlin (Oct 23)