[cryptography] Diffie-Hellman Params Best Practice on Web Server?

Jeffrey Walton noloader at gmail.com
Sun Dec 8 20:23:19 EST 2013

Is there a best practice for Diffie-Hellman parameters (p, g, and q)
used on a web server?

The server is using ephemeral keys, but should the parameters be
rotated on a regular basis? Is it OK for the server to keep them
fixed for years (in the source code)? Or should they be generated
uniquely for each site?

This server does not appear to be under NIST and FIPS, so I don't
believe they need to be fixed for compliance.


