I have been reading a draft of, "Key Management Guideline", from NIST describing key management requirements for non-classified, but confidential government information. When complete, it is expected to become a FIPS. While the guidence in it is subject to change, I found the recommendations for key sizes and lifetimes interesting.
They define equivalent strength of algorithms in terms of a symetric algorithm with no known attacks better than brute force. DES is 56 bits, Triple DES (with three different keys) (TDES) is 112 bits, AES is 128, 192 or 256 bits. Secure hashes are defined as having a strength equal to half the bit-length of their output. So SHA1 is 80 bits, SHA-256 is 128 bits, etc. for SHA-384 and SHA-512. Algorithms based on the descrete log problem on integer fields (DSA, Diffie Hellman, MQV) are based on the size of the modulus and the size of the private key. The equivalents are: modulus private symetric key equilavent 1024 160 80 2048 224 112 3072 256 128 7680 384 192 15360 512 256 RSA is defined in terms of it's modulus size. The equilavents are the same as for DSA etc. in the above table. Algorithms based on the descrete log problem in elliptic curve files (ECDSA, EC Diffie Hellman etc.) are defined in terms of the base point G of the curve. This number is commonly considered to be the key size of the curve. curve symetric size equilavent 160 80 224 112 256 128 384 192 512 256 The document then goes on to recommend key sizes for information which must be protected past certain dates in the future: date symetric size now-2015 80 2016-2035 112 2036- 128 For E, the weakest part of the system is the 1024 bit Diffie-Hellman key agreement, the use of SHA1, and the use of DSA-1024. We should consider that users of E with long-term data confidentality requirements will need bigger keys. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/CBDTPA is to | 16345 Englewood Ave. [EMAIL PROTECTED] | prevent fair use. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]