Remove Diffie-Hillman key exchange
Created: 28 Oct 2012
Hi,
I am using universal server 3.20, and we are using WDE (no mail services). I have had a security review recently, and they are asking me to look into removing diffie-hillman key exchanges. We are using RSA key type for WDE, so this shouldn't be a problem. How do I do this though, and can you foresee any problems if I do this i.e. do any pgp services use diffie-hillman by default?
Thanks
Comments
Hello! I am very interested
Hello!
I am very interested in the reason the auditors have to generally declare DH as insecure!?
To my knowledge the discrete logarithm problem isn´t solved- is it?
The only reason to declare it as insecure could be that the DH itself doesn´t authenticate partners, but if other components guarantee authentication there is no reason for denying the usage of DH. (See IPSec, IKE --> DH in use).
So do you really want to investigate which cryptgraphic algorithms are used for every product you use?
Better ask those auditors or concrete explanation about their concerns about DH.
-------------------------------
btw - if you think DH could be used to encrypt your disk - than the answer is NO. - DH is a key exchange algorithm to secure an unsecure channel
Regards Chris
Hi, We use RSA for key
Hi,
We use RSA for key generation, so I would like to remove the DH/DSS (Diffie-Hillman) is this possible.
Could somone give me the command line or gui screen to do this?
Thanks
Would you like to reply?
Login or Register to post your comment.