Re: SSL/TLS DHE suites and short exponents
From: Paul Rubin (//phr.cx@NOSPAM.invalid)
Date: 03/08/03
- Next message: David Wilson: "Re: Answer(s) to Kryptos Puzzle?"
- Previous message: Paul Rubin: "Re: SSL/TLS DHE suites and short exponents"
- In reply to: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
- Next in thread: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
- Reply: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Paul Rubin <http://phr.cx@NOSPAM.invalid> Date: 07 Mar 2003 19:31:17 -0800
ggr@qualcomm.com (Gregory G Rose) writes:
> To be safe, the group needs to have one (or more) large subgroup;
> usually that is chosen so that q (the prime order of the subgroup)
> has the desired 160-odd bits, or so that q == (p-1)/2. In any case,
> the recipient should check that the public key received is a member
> of the order-q subgroup by checking that k^q == k (mod p).
The recipient has to know q and check it for primality in order to
do that. Do any actual implementations actually work that way?
- Next message: David Wilson: "Re: Answer(s) to Kryptos Puzzle?"
- Previous message: Paul Rubin: "Re: SSL/TLS DHE suites and short exponents"
- In reply to: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
- Next in thread: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
- Reply: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
