[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DH Group strengths
From the Oakley draft,
Wellknown group Group Strength (bits)
--------------- ---------------------
1 66
2 77
3 76
4 91
Am I correct in assuming that these are the maximum possible strengths
of the groups, i.e. no matter what the size of the exponent, the group
cannot provide better strength? If this is the case, then which one
of the above groups can be used to derive a key for 3DES? Does the
SKEYID computation described in the resolution draft add to the
strength of the keymaterial?
Also, if keys are to be generated for an authentication algorithm, and
an encryption algorithm, is the key length for the authentication
algorithm also a factor in selecting a DH group? If yes, how are the
key requirements for the two algorithms combined in choosing a DH
group? For example, if ESP is to use DES and HMAC-MD5, then 56 bits
are required for DES and 128 bits for HMAC-MD5. Does this mean that
the DH group should provide 56 + 128 = 184 bits of strength, or 128
bits or 56 bits or some combination of 56 and 128? Also, how would
the length of the DH exponent be picked? Would it be 184 *2, or 56
*2, or 128 *2?
Thanks,
Sumit
Follow-Ups: