Re: SSL/TLS DHE suites and short exponents
From: Paul Rubin (//phr.cx@NOSPAM.invalid)
Date: 03/08/03
 Next message: David Wilson: "Re: Answer(s) to Kryptos Puzzle?"
 Previous message: Paul Rubin: "Re: SSL/TLS DHE suites and short exponents"
 In reply to: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
 Next in thread: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
 Reply: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Paul Rubin <http://phr.cx@NOSPAM.invalid> Date: 07 Mar 2003 19:31:17 0800
ggr@qualcomm.com (Gregory G Rose) writes:
> To be safe, the group needs to have one (or more) large subgroup;
> usually that is chosen so that q (the prime order of the subgroup)
> has the desired 160odd bits, or so that q == (p1)/2. In any case,
> the recipient should check that the public key received is a member
> of the orderq subgroup by checking that k^q == k (mod p).
The recipient has to know q and check it for primality in order to
do that. Do any actual implementations actually work that way?
 Next message: David Wilson: "Re: Answer(s) to Kryptos Puzzle?"
 Previous message: Paul Rubin: "Re: SSL/TLS DHE suites and short exponents"
 In reply to: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
 Next in thread: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
 Reply: Gregory G Rose: "Re: SSL/TLS DHE suites and short exponents"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
