5

I would like to generate Diffie-Hellman parameters on a Debian GNU/Linux "Jessie" 8 with OpenSSL. Let's assume the system CSPRNG was seeded with some real random data.

On such a system, is the result of openssl dhparam 4096 safe for production use? Are there any further tests I am supposed to run to make sure it is safe? I would like to use them for TLS in an HTTPS server or for OpenSSH servers.

I know that some people recommend not generating Diffie-Hellman parameters because things might go wrong. This question is exactly about avoiding the things that might go wrong, by knowing about them specifically.

aef

1 Answer

1

Checking the manual page for ssh-keygen gives hints about generating and verifying the parameters (moduli file):

ssh-keygen -G moduli-2048.candidates -b 2048
ssh-keygen -T moduli-2048 -f moduli-2048.candidates

which sounds to me like a proven way of doing this. But I also discourage you from doing that. Examples of what can go wrong are answered in the related question, but basically it is really hard to verify that the generated prime is prime. Usually you can be sure that the divisor is "large enough".

Jakuje
  • Why do you discourage something that is recommended to avoid LOGJAM? – Deer Hunter Feb 07 '16 at 18:27
  • @DeerHunter It is not discouraging people from avoiding LOGJAM, but discouraging doing that wrong. You mitigate Logjam using more than a few primes that are bigger than 1024b. And trusting the one who generated them. OpenSSH primes satisfy all conditions. – Jakuje Feb 07 '16 at 18:39
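
Added example (not part of the question, the answer or the comments above): a sketch of the kind of checks the question asks about, run on a "DH PARAMETERS" PEM block such as `openssl dhparam` writes. It parses p and g and tests that p is a large enough safe prime, using the probabilistic Miller-Rabin test. The function names, the 2048-bit default minimum and the toy sample (p = 2039, g = 2) are assumptions made for this illustration.

```python
import base64, secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin, random bases; error probability at most 4**-rounds."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        # The base proves n composite unless x is 1 or a squaring hits n-1.
        if x != 1 and all(pow(x, 2**r, n) != n - 1 for r in range(s)):
            return False
    return True

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError("unexpected ASN.1 tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def parse_dh_pem(pem):
    """Extract (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    seq, _ = _tlv(base64.b64decode(b64), 0, 0x30)  # SEQUENCE { p, g }
    p, pos = _tlv(seq, 0, 0x02)                    # INTEGER p
    g, _ = _tlv(seq, pos, 0x02)                    # INTEGER g
    return int.from_bytes(p, "big"), int.from_bytes(g, "big")

def check_dh_params(p, g, min_bits=2048):  # min_bits default is an assumption
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if p.bit_length() < min_bits:
        problems.append("modulus too small")
    if not is_probable_prime(p):
        problems.append("p is not prime")
    elif not is_probable_prime((p - 1) // 2):
        problems.append("(p-1)/2 is not prime: p is not a safe prime")
    # With a safe prime, any g in [2, p-2] has order (p-1)/2 or p-1.
    if not 2 <= g <= p - 2:
        problems.append("generator out of range")
    return problems

# Constructed toy input (p = 2039, g = 2); real files hold 2048+ bit values.
SAMPLE_PEM = "-----BEGIN DH PARAMETERS-----\nMAcCAgf3AgEC\n-----END DH PARAMETERS-----"
```

Calling check_dh_params(*parse_dh_pem(SAMPLE_PEM)) reports only "modulus too small" for the toy sample; pass min_bits=11 to see it clear every check.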