Hi,
"Panos Kampanakis (pkampana)" <[email protected]> writes:
> I am not saying symmetric keys are better than public key auth.
> I am saying that applying an 80-bit security level (RSA/DSA1024) today
> offers a false sense of security. You might as well not authenticate
> the messages.
I disagree. I think in many cases an 80-bit asymmetric signature is
better than a 128 (or even 256-bit) group-symmetric scheme, precisely
because with the symmetric scheme you only need to acquire the group key
from one node, which means you can attack ANY node, whereas with the
asymmetric scheme you MUST attack the signing node (which can have
better defenses).
Even today, cracking 80-bit-secure asymmetric systems are HARD. We're
talking RSA-1024 or ECC-160. To this day, we still have not
successfully factored an RSA-1024 key. The largest public break is only
768-bits. So really, unless you're worried about the NSA turning your
lights on and off, 80-bits (RSA-1024/ECC-160/WalnutDSA) is plenty
sufficient for the next several years.
-derek
--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
