[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Diffie-Hellman parameters for torproject.org




Hi,
the webpage www.torproject.org and git.torproject.org,
lists.torproject.org support Forward secrecy using 1024-bit DH group.

https://www.ssllabs.com/ssltest/analyze.html?d=www.torproject.org&s=38.229.72.16

According to ECRYPT II Recommendations (2012) and NIST Recommendations
(2012) Diffie-Hellman parameters should use longer DH group. For
medium-term protection ECRYPT II recommends 2432-bit DH group.

http://www.keylength.com

Yearly Report on Algorithms and Keysizes (2012), D.SPA.20 Rev. 1.0,
ICT-2007-216676 ECRYPT II, 09/2012.
http://www.ecrypt.eu.org/documents/D.SPA.20.pdf

Recommendation for Key Management, Special Publication 800-57 Part 1
Rev. 3, NIST, 07/2012.
http://csrc.nist.gov/groups/ST/toolkit/key_management.html


Apache 2.4.7, has been improved to automatically select appropriate DH
parameters, using the strength of the server key as guidance.

http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html




Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk