Reputation: 23141
For the Diffie-Hellman prime and generator, what key length should I use?
In the code below, from the Crypto++ wiki, is 128 the number I really should be using?
CryptoPP::AutoSeededRandomPool arngA;
CryptoPP::RandomNumberGenerator& rngA = *dynamic_cast<CryptoPP::RandomNumberGenerator *>(&arngA);
CryptoPP::DH dhA(rngA, 128);
CryptoPP::Integer iPrime = dhA.GetGroupParameters().GetModulus();
CryptoPP::Integer iGenerator = dhA.GetGroupParameters().GetSubgroupGenerator();
Upvotes: 2
Views: 2426
Answers (1)
Reputation: 536
Integer factorization and discrete logarithm over Z/(pZ) are roughly equally difficult. Therefore the size of the modulus for Diffie-Hellman should be about the same size as you would choose for an RSA modulus. If you are comfortable with a 1024-bit RSA key then you can also be comfortable with a 1024-bit Diffie-Hellman key.
It is not easy to tell if key sizes in crypto++ are measured in bits or bytes. As Sebastian points out dhA(rngA, 128) may indeed generate a 128 bit Diffie-Hellman key, which would be too small. Going through the code it looks like this is indeed the case.
The size of the generator iGenerator does not affect the security of Diffie-Hellman. (I.e. iGenerator = 2 could be perfectly fine)
Upvotes: 3
Related Questions
- Diffie-Hellman Private Key
- I have general questions about Diffie-Hellman parameters
- Should I secure/hide prime and base numbers for Diffie-Hellman?
- What should the length of public key on ECDH be?
- Elliptic Curve Diffie Hellman public key size
- Java generate DH public key size is not the same size as sample that documentation have
- Generating Diffie-hellman parameters (generator)
- Diffie Hellman Key Exchange security
- What size primes are needed for a good Diffie-Hellman key generation?
- Length of Diffie-Hellman Elliptic Curve Private Key