In the Massey-Omura three pass protocol:
- How many bits long should the prime modulus $M$ be in order to be secure?
- Should the $M$ be secret?
- Should the $M$ be generated every time or it could be reused to generate new keys?
Asked
Active
Viewed 180 times
2
otus
- 32,462
- 5
- 75
- 167
user1563721
- 583
- 4
- 17
1 Answers
1
How many bits long should the prime modulus $M$ be in order to be secure?
The modulus $M$ should be long enough to prevent discrete logarithms from being computable. As of 2015 this means 2048 bits length is fine, but for other (official) recommendations you should consult keylength.com
Should the $M$ be secret?
You can make $M$ secret but making it public shouldn't affect security as long as it's large enough to prevent any discrete logarithm computations from succeeding.
Should the M be generated every time or it could be reused to generate new keys?
Usually it is rather computationally intensive to generate such moduli. Again, you can generate a new modulus every time if you fear there may be unknown backdoors in public parameters or you want to dodge something like Logjam, but if the modulus is long enough you don't have to generate new moduli on every connection.
