On 13.11.2013 17:33, Dave Cridland wrote:
> On Wed, Nov 13, 2013 at 3:31 PM, Fedor Brunner <[email protected]> wrote:
>
> > For example the server jabber.ccc.de uses 2048 bit RSA public key, but
> > the length of the temporary key is only 1024 bit. The public key score
> > is 90, cipher score is 90
> > http://xmpp.net/result.php?domain=jabber.ccc.de&type=server
>
> Hmmm... I'm not convinced that's automatically a bad thing. Firstly,
> it's generally unwise to compare bitlengths and expect to get sane
> results - although as it happens, both DH and RSA happen to have
> roughly the same equivalent bits of security.
>
> Secondly, the key lifetime also has an impact - the DH negotiated
> temporary key will only be used for one session, whereas the RSA key
> will be used for a year. Given that cracking a 1024 bit temporary key
> will take (perhaps) a year, that's probably enough to ensure the
> security of the vast majority of your conversations - whereas the RSA
> key is protecting all of them - crack that and it's game over.
> Obviously PFS is there to mitigate against this, but if the RSA key
> can be cracked within its lifetime, then it becomes trivial to perform
> a man-in-the-middle attack.
>
> My personal opinion would be that 1024 bits of DH is fine, 2048 bits
> of RSA is borderline, and 384 bits of EC is also fine.
>
> Dave.

There is a good comparison website for key size recommendations:
http://www.keylength.com/en/compare/
Enter the year until which your system should be protected and see the Discrete Logarithm Group column.
The scenario I am thinking of is "record now and decrypt later": the 1024 bit DH could protect your message for the next year, but if the attacker makes a copy of your conversation now, he can later (for example in 5-10 years with much stronger hardware) break DH easily. There is communication which should be protected even for a long time, for example: business strategies, client-lawyer communication, patent information.
https://en.wikipedia.org/wiki/Integer_factorization_records
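Both posts turn on the same point: a 2048-bit RSA modulus, a 1024-bit DH prime, a 384-bit curve and a 128-bit cipher key are not comparable as raw bit lengths, and for captured traffic only the ephemeral key and the cipher count. The following script is an added example written for this thread, not tooling from xmpp.net or anything the posters ran. It converts each component of a handshake to an estimated "bits of security" (the GNFS-based formula from FIPS 140-2 Implementation Guidance 7.5 for RSA/DH, the generic square-root bound for EC, key length for the cipher) and reports the weakest link, both for the live handshake and for a recording decrypted later. The parameter set, the 128-bit cipher assumption and all function names are constructed for the example.

```python
import math

# Modulus/prime sizes for RSA and finite-field DH are not directly comparable
# with curve or cipher sizes; convert each to an estimated "bits of security".


def ff_strength(modulus_bits):
    """Estimated security bits of an RSA modulus or finite-field DH prime.

    GNFS-based estimate from FIPS 140-2 Implementation Guidance 7.5
    (yields ~80 for 1024 bits, ~110 for 2048, ~132 for 3072). Heuristic only.
    """
    n = modulus_bits * math.log(2)                      # ln(2^L)
    cost = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return cost / math.log(2)


def ec_strength(curve_bits):
    """Generic square-root bound for elliptic-curve DH (Pollard rho)."""
    return curve_bits / 2


def symmetric_strength(key_bits):
    """Exhaustive key search: a 128-bit cipher key gives ~128 bits."""
    return float(key_bits)


def component_strengths(params):
    """Map each observed component to its estimated strength.

    params keys (all optional): 'rsa', 'dh', 'ecdh', 'cipher'; values in bits.
    """
    conv = {"rsa": ff_strength, "dh": ff_strength,
            "ecdh": ec_strength, "cipher": symmetric_strength}
    return {name: conv[name](bits) for name, bits in params.items()}


def weakest_link(params):
    """Return (component, bits) for the weakest part of the whole handshake."""
    strengths = component_strengths(params)
    if not strengths:
        raise ValueError("no handshake components given")
    name = min(strengths, key=strengths.get)
    return name, strengths[name]


def recorded_traffic_strength(params):
    """Strength protecting an already-captured session ("record now, decrypt
    later"). With an ephemeral key exchange only the temporary DH/ECDH key and
    the cipher matter; the long-lived RSA key only authenticates the handshake,
    so breaking it years later does not decrypt old sessions. Without any
    ephemeral exchange (RSA key transport) the RSA key decrypts everything."""
    relevant = {k: v for k, v in params.items() if k in ("dh", "ecdh", "cipher")}
    if not relevant:
        relevant = {k: v for k, v in params.items() if k == "rsa"}
    return weakest_link(relevant)


def meets_target(params, target_bits):
    """True if every component reaches the target
    (e.g. 112, the NIST SP 800-57 minimum strength through 2030)."""
    return weakest_link(params)[1] >= target_bits


if __name__ == "__main__":
    # Constructed parameter set matching the thread's description of the server:
    # 2048-bit RSA, 1024-bit temporary DH, and an assumed 128-bit cipher.
    observed = {"rsa": 2048, "dh": 1024, "cipher": 128}
    for name, bits in component_strengths(observed).items():
        print(f"{name:7s} ~{bits:5.1f} bits of security")
    print("weakest link in handshake:", weakest_link(observed))
    print("recorded traffic protected by:", recorded_traffic_strength(observed))
    print("meets 112-bit target:", meets_target(observed, 112))
```

For the thread's case the weakest link is the 1024-bit temporary DH at roughly 80 bits, and that is also the component a recording depends on, which is why the "decrypt later" concern attaches to the DH size rather than to the RSA key; swapping the ephemeral exchange for a 256-bit curve lifts the recorded-traffic figure to the cipher's 128 bits without touching the certificate.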