1 Reply Latest reply on Feb 9, 2010 4:33 PM by SafeBoot

    Diffie-Hellman Key Size Benefits?

      What kind of benefit in security will I achieve if I choose a higher bit size in the Diffie-Hellman key size? I choose this key when I create a new server connection under System tab. I notice it takes a long time to create the new server when I choose 1024 bits. Will performance degrade with client to server communication and hot backup?

        • 1. Re: Diffie-Hellman Key Size Benefits?

          you can't change the DH key size - it's always 1024bits. The selector is for the DSA Public/Private key pair used to authenticate connections.

           

          No,  I know of no real reason to go bigger than the default, unless you think there's a real risk of someone brute forcing your auth key and installing a rogue policy server in your network.

           

          It really makes minimal difference to the performance, it does take a long time to get the primes though.