* Ralf G. R. Bergs:

> I posted about this problem into the Opera forum (see
> http://my.opera.com/community/forums/topic.dml?id=167205), and received
> the following reply from one of the Opera developers:
>
> <quote> [...]
> IMO the length of that key should match the keylength of the
> certificate, but to get level 3 encryption it must be at least 1024 bits
> long.
> </quote>
You cannot directly compare the RSA and DH bit counts; the underlying
mathematical problems are not the same (discrete logarithms are harder).
There is one prominent study that treats them as equivalent, but their
model is more or less pulled out of thin air. We simply do not know enough
about cryptography to give definite advice on key lengths.

But perhaps we should change src/tls-gnu.c and increase this constant:

  #define DH_BITS 768

NIST recommends using 1024 bits. BSI (the German one, not the British)
recommends 1280 bits. Both do not really differentiate between ephemeral
session keys and long-term keys. But bumping the value is easy and
probably the right thing to do from a PR angle.

From an entropy perspective, it should not matter at all, thanks to the
way the GnuTLS RNG works (or, more precisely, the libgcrypt RNG).

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
