Re: Diffie Hellman Question
- From: "Res" <res@xxxxxx>
- Date: Fri, 18 Dec 2009 17:01:45 +0530
Thank you for your crisp & clear reply.
Some more questions below.
"Joseph Ashwood" <ashwood@xxxxxxx> wrote in message
news:uAHWm.396$8e4.97@xxxxxxxxxxxxxxx
"Res" <res@xxxxxx> wrote in message
news:hgdjc3$1f4$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Not a cryptography expert, so please bear with me.
Not a problem.
- Bob & Alice do not mutually authenticate each other - this is not
possible
for me. So integrity of the message is very important for me. Currently,
I solve this
by decrypting the message at Alice end's & make sure it follows a
particular
pattern. I do not want Mallory to be able to change the message to
"Please do task XYZ at time T1 with N" or "Please do task ABC at time TT
with MM".
Bad idea. What prevents Mallory from repeating instructions?
Repeating is an not really an issue in my use case because of a couple
of things
- Alice recieves instructions from Bob only when she requests them.
- Alice does some basic validation on the instructions.
- The instructions contain time TT. So repeating instructions at a later
time
essentially will ensure that Alice's validation fails.
Many other issues, I'll just cover the fix later.
Considering these use cases - how should go about chosing the
size/lengths of
P, G, a & b.
1) The Wikipedia page on DH says G need to be large at all - it's usually
2 or 5.
I am assuming the 2 or 5 here refers to the actual number G rather than
the length
of the number G.
Considering this, can Alice & Bob both pre-agree that they will always
use 5 as G
till the end of time - any disadvantages in this over everything agreeing
upon a new
value of G.
There's nothing gained in changing G, as long as it is a generator the
difficulty is the same. If G isn't a generator then the system is very
weak. Just make sure it's a generator.
Yes. Will do.
2) Can P also be hardcoded at both Alice & Bob's end or is it better to
use a new P
each time?
A single P of 2048 bits is good for a long time.
This is a huge pain point for me.
I have a maximum of somewhere around 8 to 10 bytes which can be
transferred from Alice to Bob (as a request). Hence my request is
essentially
going to be Alice transmitting her calculated
(g ** Random Number) mod Prime.
This means that the Prime cannot be a huge number like you suggest.
Even if I use some compression on the calculated value, the initial
calculated value
cannot be very big. This means that I have to use the smallest prime I can.
Considering my use case that I am not so bothered about the instruction
being
cracked, what is the smallest prime I can use.
3) How long should a & b be? What are the considerations here for my
usecase.
a & b should be long enough that they are harder to figure out then to
solve the discrete logarithm. Since you're not an expert, go with half the
length of P.
The length of a & b is not a big bother for me. Considering that the length
of
Alice's calculated value needs to be small & it's length mainly depends on
the
length of the Prime rather than a, b & g, I am ok with using bigger a, b &
g's.
Can using a bigger a, b or g offset the compromise of having a smaller
length of
P.
.
- Follow-Ups:
- Re: Diffie Hellman Question
- From: Joseph Ashwood
- Re: Diffie Hellman Question
- From: Peter Pearson
- Re: Diffie Hellman Question
- References:
- Diffie Hellman Question
- From: Res
- Re: Diffie Hellman Question
- From: Joseph Ashwood
- Diffie Hellman Question
- Prev by Date: Re: Diffie Hellman Question
- Next by Date: Re: Diffie Hellman Question
- Previous by thread: Re: Diffie Hellman Question
- Next by thread: Re: Diffie Hellman Question
- Index(es):
Relevant Pages
|
