[Mono-devel-list] Key Exchanges (RSA vs DH)

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Jul 28 21:30:42 EDT 2005 

Hello Thomas,

On Thu, 2005-28-07 at 03:50 -0400, Thomas Harning Jr. wrote:
> I'm trying to evaluate key exchange algorithms for both speed,
> security, and verification [S, S, V].
> I was thinking of using RSA mainly, but I ran accross some info
> about DiffieHellman being good for key exchange.  

This may, or not, be relevant to your application but DH is for key
*agreement* not key exchange - so it's not exactly the same.

> I plan on using
> the key exchange algorithm in exchanging keys for say... Rijndael or
> some other configurable algorithm.
> 
> I know a bit about RSA, but not much about DH.  I know for RSA the
> key generation process is ugly (timewise), 

very true (but for some good reasons ;-)

> but I can't remember how
> the encryption/decryption process is.

better. In fact *much* better when CRT can be used (i.e. when the
private is used and all the extra information are available).

> It seems DH is pretty fast, but I'm unsure as to how to configure it
> properly for my needs [ S,S,V ].
> In running a few tests, I found that the static key 'generation'
> works pretty good, 

you would probably get very similar times for RSA encrypt/decrypt
operations when using a pre-generated key - i.e. this doesn't mean using
a static key!

> though to me, it looks pretty unsafe.  Is it?

well it would be for a key exchange - but it's not for a key
agreement ;-) however YMMV with how you're using the stuff

> With Static key generation, I didn't need to do any passing of
> public key information (though it would obviously be the same w/
> static key)... which leads me to believe that it's relatively pointless.
> 
> Also, there's 2 lengths to specify, but I don't know what really
> affects what.  [As an aside, a patch to rename the length's names to
> something more meaningful would be nice... I may make a patch when I
> better understand how it works]
> 
> Thanks for your help, sorry about the relativly messy train of thought.

I've more confidence in the maths behind the crypto (both for RSA and
DH) than in any software/hardware implementation of them - and MUCH more
confidence in the 'wares implementations than in (most) software using
them ;-)

So I suggest you get a good look at some crypto book like "Applied
Cryptography" or the more recent "Practical Cryptography" and/or stick
"as much as possible"(tm) with industry standards.

Sebastien

More information about the Mono-devel-list mailing list