DH Primes

http://tools.ietf.org/html/rfc3526

Why does OpenSSL have a specific optimized function for generating DH primes if standard primes for DH use have already been supplied?

Probably because if you're just picking a number from a list, security is not more than the size of the list...

An attacker could just run through the list of primes..?

>>1
OpenSSL has had it from the start (1998) and before that it was in SSLeay from the start (1995). RFC 3526 was published in 2003.
Also you might want to generate bigger groups or be concerned the NSA backdoored RFC 3526 or whatever.

>>2
That's not how DH works.

>>3
Also you might want to generate bigger groups or be concerned the NSA backdoored RFC 3526 or whatever.
Isn't 8192 bits large enough?

I agree with the backdooring concern, though.

>>3 Diffie-hellman? and phi? Am i not on the right topic?

You could use one random prime, and one from the list, and you'd still get P=R*L /// phi ?= (R-1) * (L-1)

//and as long as the list is not too long; if P mod L=0 then P divide L = R... all broken?

...There's only 6 numbers in that RFC ?? and it's using D-H like i thought...

...I must be wrong, that works out to like 3 bit of security...

...Wide-OPEN SSl?

NSA... are you kidding, any old joe could break that (i should stress>) IF i'm correct..

Lets see, it would be equivalent to about six 'normal' ? operations? (average case only 3?)

...unless your op's are so large that as few as six is too much work... (and these are only multiply/divide ops.) in which case it's probably unusable...

There must be (many) more in the list? (there would want to be..)
...Why even use a list at all?

>>5-7
no, stop being stupid.

>>8
I'd hope im wrong... is there actually thousands of primes in the list..? Or are the primes not being used as the 'secret' values?

>>9
Read the fucking wikipedia article about Diffie-Hellman.

Dubs =)
will http://en.wikipedia.org/wiki/ElGamal_encryption suffice?

...what exactly are you using the primes for, if not as a secret value?

Imagine you have 20 ultra-secure passwords of varying length...
This would be an example of high security...

Now, you go and post them on the internet, and 50% of people just pick one of the 20 given passwords...
This is NOT an example of high security, nor are the passwords even near strong, regardless of whatever random combination of characters, Uber-strong hash algorithms and whatever else might give you the illusion of security.

Okay, you're definitely trolling, otherwise you'd be too stupid to breathe.

>>13
Do i get no response because i said "if not as a secret value? "...?

...do you not know for what the primes are used ?