Hi Paul, 80 bits of security strength is the bigiest number that I have seen from the cryptographic community for estimating the strength of 1k DH.
Regards, Quynh. ________________________________________ From: IPsec <[email protected]> on behalf of Paul Wouters <[email protected]> Sent: Thursday, May 12, 2016 9:46:58 AM To: Dang, Quynh (Fed) Cc: IPsecME WG; Tero Kivinen Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-08.txt On Thu, 12 May 2016, Dang, Quynh (Fed) wrote: > I like your proposed new text. I also recommend to add something like this: > "The group 2 and any other cryptographic algorithms which are expected to > provide around 80 bits of security strength are considered insecure > mechanisms." Unless we can describe a complete use case, then we could be > able to say whether or not the group 2 is acceptable in that case. Without > that, we can say either it is secure or not secure, there are nothings in > between. I don't like the "and any other cryptographic algorithms which are expected to provide around 80 bits of security" First, it is not very helpful to people who don't know which algorithms are expected to provide 80 bits of security. And second, I guess the 80 bits is a NIST / USG specific value, not a cryptographic community standard. Paul _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
