[LINK] RFI: The Key-Length Currently Needed for SSL Security
Ben McGinnes
ben at adversary.org
Sun Dec 12 14:35:43 AEDT 2010
On 10/12/10 9:43 AM, Scott Howard wrote:
> On Thu, Dec 9, 2010 at 1:58 PM, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
>
>> [If so, I wonder how many organisations can actually deploy
>> sufficient computing power to crack 256-bit keys? And how the cost
>> of doing so compares with the benefits extractable from a single set
>> of credit-card data?]
>
> The reason for the change to minimum 2048 bit keys was on the basis that
> within a 3 year period (ie, the maximum life of these keys) NIST predicted
> that it would (may?) be possible to hack a 1024 key with generally available
> computer power. It's not expected that this is possible today - it's a
> future-proofing thing.
There's also the common misconception between symmetric bit sizes and
asymmetric bit sizes.
From the NSA's page on Suite B Cryptography:
"AES with 128-bit keys provides adequate protection for classified
information up to the SECRET level. Similarly, ECDH and ECDSA using the
256-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and
SHA-256 provide adequate protection for classified information up to the
SECRET level. During the transition to the use of elliptic curve
cryptography in ECDH and ECDSA, DH, DSA and RSA can be used with a
2048-bit modulus to protect classified information up to the SECRET level.
"AES with 256-bit keys, Elliptic Curve Public Key Cryptography using the
384-bit prime modulus elliptic curve as specified in FIPS PUB 186-3 and
SHA-384 are required to protect classified information at the TOP SECRET
level. Since some products approved to protect classified information up
to the TOP SECRET level will only contain algorithms with these
parameters, algorithm interoperability between various products can only
be guaranteed by having these parameters as options."
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Also, NIST's table of relative parity of bit sizes between different
cryptographic methods:

  RSA     ECC    Sym
  1024    160     80
  2048    224    112
  3072    256    128
  7680    384    192
 15360    512    256

RSA = asymmetric
ECC = Elliptic Curve
Sym = symmetric (AES)
Regards,
Ben
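The table above is not arbitrary: each RSA row is the modulus size whose estimated factoring cost (general number field sieve) lands nearest one of the five symmetric levels, and each ECC row is simply twice the level, because the best generic attack on a prime-order curve (Pollard rho) costs about the square root of the group order. The script below, added here as an illustration and not part of the original post, re-derives the table from those two estimates and then applies the point of the thread: the strength of a TLS configuration is its weakest component, so an "AES-256" connection whose certificate carries a 1024-bit RSA key is an 80-bit connection. The RSA formula is the one given in NIST's FIPS 140-2 Implementation Guidance (section 7.5), reproduced from memory, so its constants (1.923 and 4.69) should be treated as an assumption; the example configurations at the bottom are constructed for the demonstration.

```python
import math

# The five NIST SP 800-57 security-strength levels (bits) that the
# table in the post maps RSA, ECC and symmetric key sizes onto.
NIST_LEVELS = (80, 112, 128, 192, 256)

LN2 = math.log(2)


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated security strength of an RSA/DH/DSA modulus of k bits.

    General-number-field-sieve cost estimate as given in NIST's FIPS 140-2
    Implementation Guidance, section 7.5 (constants quoted from memory,
    so treat them as an assumption):

        x = (1.923 * (k ln 2)^(1/3) * (ln(k ln 2))^(2/3) - 4.69) / ln 2
    """
    k_ln2 = modulus_bits * LN2
    gnfs_cost = 1.923 * k_ln2 ** (1 / 3) * math.log(k_ln2) ** (2 / 3) - 4.69
    return gnfs_cost / LN2


def ecc_strength_bits(curve_bits: int) -> float:
    """Prime-order curve of n bits: Pollard rho needs ~2^(n/2) group ops."""
    return curve_bits / 2


def hash_collision_strength_bits(digest_bits: int) -> float:
    """Birthday bound: a collision in a d-bit hash costs ~2^(d/2) work."""
    return digest_bits / 2


def nearest_level(strength: float) -> int:
    """Snap a raw estimate to the closest standard level, as the table does."""
    return min(NIST_LEVELS, key=lambda lvl: abs(lvl - strength))


def derive_table(rsa_sizes, ecc_sizes):
    """Re-derive the post's table. Each row is
    (rsa_bits, ecc_bits, level_from_rsa, level_from_ecc); the two levels
    agree for every row of the NIST table."""
    rows = []
    for rsa_bits, ecc_bits in zip(rsa_sizes, ecc_sizes):
        rows.append((rsa_bits, ecc_bits,
                     nearest_level(rsa_strength_bits(rsa_bits)),
                     nearest_level(ecc_strength_bits(ecc_bits))))
    return rows


def minimum_rsa_bits(target_level: int, step: int = 8) -> int:
    """Smallest modulus (multiple of `step`, starting at 512) whose raw
    GNFS estimate reaches the target level. Strength grows with k, so
    a linear scan terminates."""
    k = 512
    while rsa_strength_bits(k) < target_level:
        k += step
    return k


def suite_strength(rsa_bits=None, ecc_bits=None, sym_bits=None, hash_bits=None):
    """Overall strength of a TLS configuration: the weakest component,
    not the largest key size. Components left as None are not used."""
    parts = []
    if rsa_bits is not None:
        parts.append(nearest_level(rsa_strength_bits(rsa_bits)))
    if ecc_bits is not None:
        parts.append(nearest_level(ecc_strength_bits(ecc_bits)))
    if sym_bits is not None:
        parts.append(sym_bits)
    if hash_bits is not None:
        parts.append(nearest_level(hash_collision_strength_bits(hash_bits)))
    if not parts:
        raise ValueError("no components given")
    return min(parts)


if __name__ == "__main__":
    print("  RSA   ECC   Sym")
    for rsa_bits, ecc_bits, sym_rsa, sym_ecc in derive_table(
            (1024, 2048, 3072, 7680, 15360), (160, 224, 256, 384, 512)):
        print(f"{rsa_bits:5d} {ecc_bits:5d} {sym_rsa:5d}  (ECC agrees: {sym_rsa == sym_ecc})")
    # Constructed configurations, not taken from the post.
    print("RSA-1024 cert + AES-256:", suite_strength(rsa_bits=1024, sym_bits=256))
    print("RSA-2048 cert + AES-256:", suite_strength(rsa_bits=2048, sym_bits=256))
    print("RSA-2048 cert + P-256 ECDHE + AES-128 + SHA-256:",
          suite_strength(rsa_bits=2048, ecc_bits=256, sym_bits=128, hash_bits=256))
    print("Smallest modulus whose raw estimate reaches 112 bits:",
          minimum_rsa_bits(112))
```

Two things worth noticing in the output. The raw estimate for 2048 bits comes out near 110, not 112; NIST snaps it to the 112 level, which is why the table reads as it does and why a literal "112-bit" modulus by this formula is a little over 2100 bits. And in the mixed configuration the ECDHE exchange and AES-128 both sit at 128 bits, but the 2048-bit RSA signature on the certificate pulls the whole connection down to 112: the cipher's key length tells you very little about what an attacker actually has to break.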