Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Time taken for generating DH parameters

1,737 views

Skip to first unread message

Krishnaswamy R.

unread,

May 24, 2001, 6:50:11 AM5/24/01

Hi all,

I have been trying to generate 512 & 1024 bit Diffie-Hellman parameters
using "openssl gendh" command. It takes a very long time to generate
1024bit DH parameters. On a lightly loaded HP-UX 11.0 box, for a set of
trials, the time varied from 21minutes to 1hr 27mins.
Are these within the expected generation time values? Why is there such
a
big variation in the timings?
In comparison the RSA key generation (1024 - 15sec, 2048bit - 67sec)
is very fast.

Any hints on reducing the time?
thanks,
Krishna

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Greg Stark

unread,

May 24, 2001, 2:26:49 PM5/24/01

Your numbers are not unreasonably long, and seem correct relative to your
RSA times. The variation is to be expected, that is just the way primes are
distributed. The DH parameter generator looks for primes p of the form
p=2*q+1, where q is also prime, whereas the RSA primes (really prime-1) need
only be relatively prime to the exponent (which, for exponent 65537, is
almost always the case). So, to find a 1024 bit RSA modulus, OpenSSL just
needs to find two 512 bit primes. This takes work proportional to 2w, where
w is the cost to find one 512-bit prime. Now for the DH case, due to the
aformentioned properties, and because the primes are twice as big, we'd
expect the work to be about (4w)^2.

====================
Greg Stark
ghs...@pobox.com
====================

Greg Stark

unread,

May 24, 2001, 2:54:01 PM5/24/01

0 new messages