What primes are needed for a good Diffie-Hellman key generation?
I am going through sample code showing how to perform DH key exchange. Super simple and I understand that. However, I don't know what the appropriate size of p and q should be. The numbers in the samples are very small. But I suppose they should be much larger in practice. How much larger? Are 16-22-bit numbers enough?
Choosing safe groups for DH requires a little more than just using large enough primes. Since primes can be reused, pre-computed parameters can be reused. For example, IETF RFC 3526 has a number of proposed groups. Section 8 evaluates the safety of each of the proposed groups.
Also note that Diffie-Hellman implementations generally avoid small q (as SquareRootOfTwentyThree unfortunately suggests). The reason is subgroup attacks. To prevent such attacks, IETF groups were chosen.
Assuming by q you mean the size of the subgroup mod p, some safe values in 2013 are 224 bits for the former and 2048 bits for the latter. In terms of decimal digits, that means 68 and 309 respectively.
A good site for checking various opinions on cryptographic key lengths (no kidding) is http://www.keylength.com. In your case, the ones dealing with the discrete logarithm apply to you.