DH Group strengths

[svakil@usr.com]

     From the Oakley draft,
     
     Wellknown group                    Group Strength (bits)
     ---------------                    ---------------------
     
     1                                          66
     2                                          77
     3                                          76
     4                                          91
     
     Am I correct in assuming that these are the maximum possible strengths 
     of the groups, i.e. no matter what the size of the exponent, the group 
     cannot provide better strength?  If this is the case, then which one 
     of the above groups can be used to derive a key for 3DES?  Does the 
     SKEYID computation described in the resolution draft add to the 
     strength of the keymaterial?
     
     Also, if keys are to be generated for an authentication algorithm, and 
     an encryption algorithm, is the key length for the authentication 
     algorithm also a factor in selecting a DH group?  If yes, how are the 
     key requirements for the two algorithms combined in choosing a DH 
     group?  For example, if ESP is to use DES and HMAC-MD5, then 56 bits 
     are required for DES and 128 bits for HMAC-MD5.  Does this mean that 
     the DH group should provide 56 + 128 = 184 bits of strength, or 128 
     bits or 56 bits or some combination of 56 and 128?  Also, how would 
     the length of the DH exponent be picked?  Would it be 184 *2, or 56 
     *2, or 128 *2?
     
     Thanks,
     
     Sumit

---

Follow-Ups:

• Re: DH Group strengths [math]
• From: Markku-Juhani Saarinen <mjos@ssh.fi>

---

• Prev by Date: Re: draft-ietf-ipsec-arch-sec-02.txt and last call
• Next by Date: Re: finding docs
• Prev by thread: Re: finding docs
• Next by thread: Re: DH Group strengths [math]
• Index(es):
  • Main
  • Thread