[tor-talk] Diffie-Hellman parameters for torproject.org
Ondrej Sered
ondrej.sered at azet.sk
Wed Dec 11 14:32:41 UTC 2013
Hi,
the webpage www.torproject.org and git.torproject.org,
lists.torproject.org support Forward secrecy using 1024-bit DH group.
https://www.ssllabs.com/ssltest/analyze.html?d=www.torproject.org&s=38.229.72.16
According to ECRYPT II Recommendations (2012) and NIST Recommendations
(2012) Diffie-Hellman parameters should use longer DH group. For
medium-term protection ECRYPT II recommends 2432-bit DH group.
http://www.keylength.com
Yearly Report on Algorithms and Keysizes (2012), D.SPA.20 Rev. 1.0,
ICT-2007-216676 ECRYPT II, 09/2012.
http://www.ecrypt.eu.org/documents/D.SPA.20.pdf
Recommendation for Key Management, Special Publication 800-57 Part 1
Rev. 3, NIST, 07/2012.
http://csrc.nist.gov/groups/ST/toolkit/key_management.html
Apache 2.4.7, has been improved to automatically select appropriate DH
parameters, using the strength of the server key as guidance.
http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20131211/8a02743a/attachment.sig>
More information about the tor-talk
mailing list