File Share Encryption

 View Only

  • 1.  Remove Diffie-Hillman key exchange

    Posted Oct 28, 2012 11:28 AM

    Hi,

    I am using universal server 3.20, and we are using WDE (no mail services). I have had a security review recently, and they are asking me to look into removing diffie-hillman key exchanges. We are using RSA key type for WDE, so this shouldn't be a problem. How do I do this though, and can you foresee any problems if I do this i.e. do any pgp services use diffie-hillman by default?

     

    Thanks



  • 2.  RE: Remove Diffie-Hillman key exchange

    Posted Oct 29, 2012 06:00 AM

    Hello!

     

    I am very interested in the reason the auditors have to generally declare DH as insecure!?

     To my knowledge the discrete logarithm problem isn´t solved- is it?

     

    The only reason to declare it as insecure could be that the DH itself doesn´t authenticate partners, but if other components guarantee authentication there is no reason for denying the usage of DH. (See IPSec, IKE --> DH in use).

    So do you really want to investigate which cryptgraphic algorithms are used for every product you use?

     

    Better ask those auditors or concrete explanation about their concerns about DH.

    -------------------------------

    btw - if you think DH could be used to encrypt your disk - than the answer is  NO. - DH is a key exchange algorithm to secure an unsecure channel

     

    Regards Chris



  • 3.  RE: Remove Diffie-Hillman key exchange

    Posted Nov 16, 2012 07:12 AM

    Hi,

    We use RSA for key generation, so I would like to remove the DH/DSS (Diffie-Hillman) is this possible.

    Could somone give me the command line or gui screen to do this?

     

    Thanks