Re: Adding new cipher suites to TLS with 256+ bit session keys.

Fri, 25 Feb 2000 06:55:46 -0800 

You might want to go to http://www.cryptosavvy.com/suggestions.htm and show
your boss that 4096 bit RSA is approximately equivalent in strength to
150-160 bit keysize symmetric ciphers. You need to get use around
13,000 -15,000 bit RSA to get roughly the strength of 256-bit keysize
symmetric ciphers. Long before then you should have switched to elliptic
curves.

Greg Stark
securityguides llc
Information Security Consultants
[EMAIL PROTECTED]
www.securityguides.com


(410) 381-9410 (Work)


----- Original Message -----
From: "Eugene Levy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 20, 2000 10:44 AM
Subject: Adding new cipher suites to TLS with 256+ bit session keys.


> Does any one know if any of the proposed cipher TSL suites will be added
> to openssl?
>
> I would really like to see a RSA+Blowfish+SHA1 cipher added with 256-448
> bit blowfish session keys.  In fact I would be happy to have any decent
> TLS session symmetric cipher with 256 bit or higher key size.
>
> My boss has me working with ridiculous large 4096 bit RSA keys, and it
> seems meaningless unless I use a symmetric cipher with something larger
> than the standard 112/168 bit 3DES or 128 bit IDEA/RC4/RC2/... key sizes
> offered.  I heard the RC4/RC5 can use arbitrary large key sizes.  Is it
> possible to specify a 256 bit RC4/RC5 symmetric cipher for use in a TLS
> session?  Keep in mind that both the clients and servers are my own
> custom apps, so I don't care about web browser compatibility.
>
> Yes I know that even a 1024 bit RSA key and 128 bit symmetric cipher has
> no chance of being broken within the next 20 years.  (Gee, if a 1024 bit
> RSA key could be broken, a lot of us would be issuing our own Versign/
> Thawte certificates with their cracked keys.)  But my boss as asked me
> to use the largest practical key sizes I could for political/marketing
> reasons.
>
> Thanks in advance.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to