I'm using TLS with a Diffie-Hellman key exchange to negotiate the symmetric keys. How long should the exponents be?
Asked
Active
Viewed 531 times
1
-
Which key-exchange are you talking about? DHE? – CodesInChaos Jun 26 '13 at 06:42
-
Yes, Diffie Hellman. – Clay Freeman Jun 26 '13 at 15:42
1 Answers
0
Diffie-Hellman exponents need at a size at least twice the security level.
So for elliptic curve DH you need the same size as the underlying field. For example 256 bits for P-256.
For finite-field DH you still need twice the security level as exponent, but significantly larger fields. For example for an 80 bit level you need 160 bit exponents and a ~1024 bit field.
Paŭlo Ebermann
- 22,656
- 7
- 79
- 117
CodesInChaos
- 24,841
- 2
- 89
- 128