"Nelson B. Bolyard" wrote:
> I think a decision to display the lesser of the two values (or something
> different) ought to be made by the application, not the NSS library.
I'd say it boils down to which piece is likely to have the best
information. If the strengths apply to the same class of attacks and
the units are convertable, it makes sense for the library to combine
them. Otherwise both values need to be exposed to the application so
the application can in turn expose them both to the user.
The risk of exposing raw data is that the data might be inappropriately
used or ignored. For example, an application using the old API could
inappropriately use the keysize instead of the secretkeysize for making
policy decisions.
> Another definition of effective key size is a measure of the "work effort"
> required to determine a key for a known plaintext/ciphertext pair.
This is the only measure that is useful to the application. The other
two numbers are clearly inferior for the purpose of making a policy
decision.
> I think you're saying here that it might make sense when the algorithms
> are different, as opposed to merely when the keys are different but the
> algorithms are the same (e.g. RSA/RSA, as in export cipher suites). Yes?
Yes. Just as it is difficult to compare symmetric key sizes with
asymmetric key sizes, it might also be difficult to compare RSA key
sizes with DHE or DSA key sizes.
The algorithm is useful to the application as it specifies the units for
the returned key size. It allows the application or user to adjust the
key size according to the confidence the user has in the algorithm.
> For example, it is common for DH implementations to limit
> themselves to only 160-bit private exponents. So, while the prime modulus
> may be much longer than 320 bits, the number of actual secret keys that
> can be derived from it may be only 2^320.
The number of actual secret keys is not as important as a measure of the
resistance to attack that is roughly comparable to other algorithms of
the same type.
S/MIME Cryptographic Signature
