[Help-gnutls] Security of RSA params

Stephen Frost sfrost at snowman.net
Fri Jul 25 17:20:38 CEST 2003


Greetings,

  In the source code I see places where the RSA params are generated and
  there are comments like "Only do this every day, or every 500 connects"
  or similar.  I'd like to understand what the story with these params
  is.  It seems they need to be regenerated every so often for the
  system to not be compromised but exactly what would happen if they
  were, and how hard is it for them to be?

  What I'm wondering, specifically, is this:  Are these params given to
  the client at some point?  Can they be used to derive the session key?
  Most importantly: Can one client decrypt another client's session
  trivially if the same RSA params are used for both?

  OpenLDAP has been ported to use GNU TLS but it is currently not
  explicitly generating/setting the RSA params.  From what I've read
  these params are probably generated on the fly by GNU TLS for every
  session because of this.  This causes a significant increase in the
  CPU utilization of the slapd processes.  Other programs (exim, for
  example) appear to generate these params and then save them for use
  with multiple sessions.  Should OpenLDAP do the same?  Would security
  be compromised by doing this?

  	Many thanks,

		Stephen
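As an added illustration of the mechanics the question is about (this is not code from the post, from OpenLDAP, exim, or GnuTLS): a server-side holder for a temporary RSA key that hands only the public half (n, e) to each connecting client and regenerates the key after a time limit or a number of connections, the policy the quoted "every day, or every 500 connects" comment describes. It assumes the params in question are a 512-bit temporary RSA key of the kind TLS export cipher suites use, uses textbook RSA and a toy Miller-Rabin generator so it runs stand-alone, and the class and function names, thresholds and the sample premaster value are all made up for the example.

```python
import random
import time

# Added example, not GnuTLS code. Textbook RSA plus a cache that regenerates
# the temporary key after a time limit or a number of connections.
# Assumption: a 512-bit temporary RSA key (TLS export-suite size); the
# default thresholds (one day, 500 uses) only mirror the quoted comment.

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61]


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probable-prime test with random bases."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for p in SMALL_PRIMES:  # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set so p*q has the intended size."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_rsa_params(bits=512, e=65537):
    """Fresh (n, e, d): the CPU-heavy step the question is about."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0 and (p * q).bit_length() == bits:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


class TempRsaParams:
    """Server-side holder; d never leaves this object, clients get (n, e)."""

    def __init__(self, bits=512, max_age_seconds=86400, max_uses=500, clock=time.time):
        self.bits, self.max_age, self.max_uses = bits, max_age_seconds, max_uses
        self.clock = clock  # injectable so the time policy can be tested
        self.generations = 0
        self._regenerate()

    def _regenerate(self):
        self.key = generate_rsa_params(self.bits)
        self.created = self.clock()
        self.uses = 0
        self.generations += 1

    def public_for_client(self):
        """Public half for one connection; regenerate first if the key is stale."""
        if self.uses >= self.max_uses or self.clock() - self.created >= self.max_age:
            self._regenerate()
        self.uses += 1
        return self.key["n"], self.key["e"]

    def decrypt(self, ciphertext):
        return pow(ciphertext, self.key["d"], self.key["n"])


def client_encrypt(public, premaster):
    """Client side: encrypt its premaster secret under the received (n, e)."""
    n, e = public
    assert 0 < premaster < n
    return pow(premaster, e, n)


def exchange_roundtrip(params, premaster=0xDEADBEEF):
    """One connection: the server recovers what the client encrypted."""
    return params.decrypt(client_encrypt(params.public_for_client(), premaster))


def count_generations(connections=1200, max_uses=500):
    """Key generations a connection-count policy costs over N connections."""
    params = TempRsaParams(max_uses=max_uses, max_age_seconds=10**9)
    for _ in range(connections):
        params.public_for_client()
    return params.generations


def count_generations_by_age(max_age=86400, step=3600, connections=48):
    """Same for a time policy, with a fake clock advancing `step` seconds per connection."""
    now = [0]
    params = TempRsaParams(max_age_seconds=max_age, max_uses=10**9, clock=lambda: now[0])
    for _ in range(connections):
        params.public_for_client()
        now[0] += step
    return params.generations
```

With these made-up thresholds, 1200 connections cost three key generations instead of 1200, and hourly connections over two days cost two. The point the code makes about the question's last paragraph: a client that captured another client's ciphertext and holds the same (n, e) still has no d, so sharing the public half across sessions does not by itself let one client read another's premaster; what it does do is put the same n in front of every client until the key is rotated, which is why a rotation policy exists at all.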