How to Generate a Strong, Unique Diffie-Hellman Group

It's actually the other way around for this one. We (meaning cryptographers) used to recommend generating finite field groups per-server. The basic idea was to help prevent precomputation attacks. This is also why you still find many articles about generating random FFDHE groups. However, since then research has shifted and numerous problems have been found with randomly generated groups, such as small subgroup attacks. Basically, there's no guarantee that a random group is actually a "good" group. So, instead of generating them randomly, today's recommendation is to only use known "good" FFDHE groups.

Well, actually the recommendation is to not use FFDHE at all - ECDHE is much better. But if you have to, use only named groups.
