RE: WG LAST CALL: draft-ietf-ipsec-ike-modp-groups-04.txt

[Tero Kivinen <kivinen@ssh.fi>]

Mark Winstead writes:
> Since the document itself quotes sources that cite that for 256 bit keys
> (like used by AES-256) require for full strength groups in the magnitude of
> 15400 bits, shouldn't it include a group larger than 8192 bits?

Generating them using the current hardware resources takes too long
time. We need faster cpu's before we can generate them, but
fortunately we need also faster machines to use them too. When we have
cpu's available that can and will use them then we hopefully have also
cpu time to generate them.

We tried to calculate the 16386 bit group for couple of few weeks but
with no luck. The calculation of the 8192 bit group took 13 days on a
one machine, but for the 16386 bit group each step requires about 8
times more time, and the estimated value how far it needs to go until
it finds one also goes up by factor of 2-4 or so. This means that
calculating it on one machine would take several months or years. Also
proving it to actually being a prime would take about same time...
Calculating 12288 bit group should be possible in few months even with
one machine.

If you have 50 or so spare machines with modern cpu and nothing to do,
then we can try to generate bigger groups, I can provide the software
to run.

We can always issue new rfc when those groups are actually generated,
there is no point of waiting them now.
-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/