Re: draft-thomson-http-encryption-00 - Logjam

On 22 May 2015 at 02:11, Stephen Farrell <> wrote:
> Personally, I think the paper goes too far towards
> recommending site-specific primes be used as we do have a
> real history of that causing issues in some implementations
> that omit checks on received values and other implementations
> that send bad values. (Don't have a reference to hand sorry.)

I agree.  Apparently reference [43] in the paper explains how to
construct prime groups that have hard-to-detect small subgroups.

[43] I. A. Semaev. Special prime numbers and discrete logs in finite
prime fields.
Math. Comp., 71(237):363–377,Jan. 2002.

Received on Friday, 22 May 2015 16:52:42 UTC