Diffie Hellman key exchange algorithms

Damien Miller djm at mindrot.org
Tue Sep 25 10:41:43 EST 2007


On Mon, 24 Sep 2007, Balaraman, Srinath wrote:

> Hello All,
> 
> To add to this question, I also am interested in knowing if the size of
> the DH key to be negotiated both from the Server and the Client can be
> configured? If yes, how?

Do you mean the size of the key generated by DH or the size of the group
used in diffie-hellman-group-exchange-*?

If you mean the former, then the key length is that of the symmetric
cipher that has been negotiated.

If you mean the latter, then the size of the group is chosen to yield
a similar attack complexity as the negotiated symmetric cipher. See
dh.c:dh_estimate() and the comment that preceeds it.

Either way, there is are no configuration knobs.

-d


More information about the openssh-unix-dev mailing list