On 5/01/14 18:27 PM, Kurt Roeckx wrote:
On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
3DES isn't broken.
Triple DES provides about 112bit security (We've a section on the topic in the
Paper in the Keylenghts section). All ciphers that we
recomend are at least at 128bit security.
The document doesn't seem to say that it's trying to reach a 128
bit security level over the whole chain. It seems to be happy
with 2048 bit RSA keys. They also provide 112 bit security.
As others have mentioned, these aren't quite comparable. 3DES has an 8
byte block, which gives its own problems. AES is a stronger more modern
algorithm.
Key length isn't an exact proxy for security.
Also, the setting of the RSA key is more driven by software capabilities
and CA's capabilities & compliances with mountains of documents than
anything else. Rather chalk & cheese, you can't just wind up the RSA
key size by setting a param in config, more's the pity.
iang
If you really want to go for 128 bit, you need to have the RSA
keys of at least something in the order of 3072 bit. If 2048
is fine, 3DES is fine.
Kurt
_______________________________________________
Ach mailing list
a...@lists.cert.at
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto