[strongSwan] Implications of Weak DH / Logjam on IPSec

Andreas Steffen andreas.steffen at strongswan.org
Thu May 21 14:52:12 CEST 2015

Hi Gerd,

I'm quite sure that the NSA knows some advanced methods to efficiently
compute 1024 bit discrete logarithms in hours if not in minutes so
I would not use a DH group less than 1536 bits anyway. To be on the
safe side just use the 2048 bit DH group. It is very interesting to
note that the Windows 7/8 Agile IKEv2 VPN client which otherwise is
a great application does not propose anything stronger than the
1024 bit DH group. Probably a concession by Microsoft to the secret
services :-(



On 21.05.2015 14:27, Gerd v. Egidy wrote:
> Ouch. So the use of MODP1024 should be phased out soon. Unfortunately a bunch
> of routers only support MODP1024 and nothing else :(

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150521/663c705d/attachment.bin>

More information about the Users mailing list