[Help-gnutls] Security of RSA params
Stephen Frost
sfrost at snowman.net
Fri Jul 25 17:20:38 CEST 2003
Greetings,

In the source code I see places where the RSA params are generated and
there are comments like "Only do this ever day, or every 500 connects"
or similar. I'd like to understand what the story with these params
is. It seems they need to be regenerated every so often for the
system to not be compromised, but exactly what would happen if they
were, and how hard is it for them to be?

What I'm wondering, specifically, is this: Are these params given to
the client at some point? Can they be used to derive the session key?
Most importantly: Can one client decrypt another client's session
trivially if the same RSA params are used for both?

OpenLDAP has been ported to use GNU TLS but it is currently not
explicitly generating/setting the RSA params. From what I've read
these params are probably generated on the fly by GNU TLS for every
session because of this. This causes a significant increase in the
CPU utilization of the slapd processes. Other programs (exim, for
example) appear to generate these params and then save them for use
with multiple sessions. Should OpenLDAP do the same? Would security
be compromised by doing this?

Many thanks,

Stephen