[gnutls-help] certtool generate-dh-params is fast, but is it secret? is it safe?
Peter Gervai
grin at grin.hu
Wed Jan 18 14:02:58 CET 2017
Hello,

I've tried to look around for some info, but found none.

    openssl dhparam -out /tmp/dh4096.pem 4096

takes tens of minutes, while

    certtool --generate-dh-params --bits 4096 > /tmp/dh4096.pem

takes 2 seconds. I guess this was probably noticed by someone else,
too, and it has been asked a few times but I see no answer.

OpenSSL says it's looking for safe primes, and does it for quite a long
time. I would guess that certtool either knows a groundbreaking new way
to find safe primes or doesn't bother at all? As my understanding goes,
generating DH params with non-safe primes is not very useful?

Please show me the light.
Thanks,
Peter
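
Added example, not part of the original post: a Python check that reads a PEM "DH PARAMETERS" block, such as the files written by the two commands above, and reports whether its prime p is a safe prime (p and (p - 1) / 2 both prime). The embedded PEM is a constructed toy value (p = 2039, g = 2) and the function names are illustrative.

```python
import base64
import random

# Constructed toy parameters (p = 2039, g = 2), far too small for real use.
SAMPLE_PEM = """-----BEGIN DH PARAMETERS-----
MAcCAgf3AgEC
-----END DH PARAMETERS-----"""

def is_probable_prime(n, rounds=40):  # trial division, then Miller-Rabin
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        # n passes a round if x == 1 or some x^(2^r), r < s, equals n - 1
        if x != 1 and all(pow(x, 1 << r, n) != n - 1 for r in range(s)):
            return False  # witness found: n is composite
    return True

def is_safe_prime(p):  # safe prime: p and (p - 1) / 2 are both prime
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def der_header(buf, i):  # -> (tag, content length, content offset)
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, length, i

def dh_params_from_pem(pem):
    """Return (p, g) from DHParameter ::= SEQUENCE { p INTEGER, g INTEGER, ... }."""
    b64 = "".join(ln for ln in pem.splitlines() if "-----" not in ln)
    der, tags, ints, i = base64.b64decode(b64), [], [], 0
    for _ in range(3):  # SEQUENCE header, then INTEGER p, then INTEGER g
        tag, length, i = der_header(der, i)
        tags.append(tag)
        if tag == 0x02:
            ints.append(int.from_bytes(der[i:i + length], "big"))
            i += length
    if tags != [0x30, 0x02, 0x02]:
        raise ValueError("not a DER DHParameter structure")
    return tuple(ints)

if __name__ == "__main__":
    p, g = dh_params_from_pem(SAMPLE_PEM)
    print(f"p: {p.bit_length()} bits, g = {g}, safe prime: {is_safe_prime(p)}")
```

To check a generated file, pass its contents to dh_params_from_pem() in place of SAMPLE_PEM.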