Re: Diffie Hellman Question
- From: "Res" <res@xxxxxx>
- Date: Fri, 18 Dec 2009 17:01:45 +0530
Thank you for your crisp & clear reply.
Some more questions below.
"Joseph Ashwood" <ashwood@xxxxxxx> wrote in message
"Res" <res@xxxxxx> wrote in message
Not a cryptography expert, so please bear with me.
Not a problem.
- Bob & Alice do not mutually authenticate each other - this is not
for me. So integrity of the message is very important for me. Currently,
I solve this
by decrypting the message at Alice end's & make sure it follows a
pattern. I do not want Mallory to be able to change the message to
"Please do task XYZ at time T1 with N" or "Please do task ABC at time TT
Bad idea. What prevents Mallory from repeating instructions?
Repeating is an not really an issue in my use case because of a couple
- Alice recieves instructions from Bob only when she requests them.
- Alice does some basic validation on the instructions.
- The instructions contain time TT. So repeating instructions at a later
essentially will ensure that Alice's validation fails.
Many other issues, I'll just cover the fix later.
Considering these use cases - how should go about chosing the
P, G, a & b.
1) The Wikipedia page on DH says G need to be large at all - it's usually
2 or 5.
I am assuming the 2 or 5 here refers to the actual number G rather than
of the number G.
Considering this, can Alice & Bob both pre-agree that they will always
use 5 as G
till the end of time - any disadvantages in this over everything agreeing
upon a new
value of G.
There's nothing gained in changing G, as long as it is a generator the
difficulty is the same. If G isn't a generator then the system is very
weak. Just make sure it's a generator.
Yes. Will do.
2) Can P also be hardcoded at both Alice & Bob's end or is it better to
use a new P
A single P of 2048 bits is good for a long time.
This is a huge pain point for me.
I have a maximum of somewhere around 8 to 10 bytes which can be
transferred from Alice to Bob (as a request). Hence my request is
going to be Alice transmitting her calculated
(g ** Random Number) mod Prime.
This means that the Prime cannot be a huge number like you suggest.
Even if I use some compression on the calculated value, the initial
cannot be very big. This means that I have to use the smallest prime I can.
Considering my use case that I am not so bothered about the instruction
cracked, what is the smallest prime I can use.
3) How long should a & b be? What are the considerations here for my
a & b should be long enough that they are harder to figure out then to
solve the discrete logarithm. Since you're not an expert, go with half the
length of P.
The length of a & b is not a big bother for me. Considering that the length
Alice's calculated value needs to be small & it's length mainly depends on
length of the Prime rather than a, b & g, I am ok with using bigger a, b &
Can using a bigger a, b or g offset the compromise of having a smaller
- Prev by Date: Re: Diffie Hellman Question
- Next by Date: Re: Diffie Hellman Question
- Previous by thread: Re: Diffie Hellman Question
- Next by thread: Re: Diffie Hellman Question