Pada 14/11/2013 5:45 AM, "Fedor Brunner" <[email protected]> menulis:
> On 13.11.2013 19:21, Dave Cridland wrote: > > On 13 Nov 2013 17:01, "Fedor Brunner" <[email protected]> wrote: > >> There is good comparison website for key sizes recommendations: > > http://www.keylength.com/en/compare/ > >> Enter the year until when your system should be protected and see the > > Discrete Logarithm Group column. > > Yes, that site is very nice. > > > >> The scenario I thinking of is "record now and decrypt later", the 1024 > > bit DH could protect your message for next year, but if the attacker > makes > > a copy of your conversation now, he can later (for example in 5-10 years > > with much stronger hardware) break DH easily. There is communication > which > > should be protected even for long time, for example: business strategies, > > client-lawyer communication, patent information. > > > > Yes, I agree that some considerations might raise it, but I think the > case > > for making PFS last as long as the assymmetric identity algorithm is > pretty > > weak in general. To decrypt all communications using 1024-bit DH over a > > year is likely to be vastly bigger than for one conversation; the same > > isn't true for RSA, for example, where you could solve the private key > once. > > > > It is, I agree, the obvious attack point for a single conversation, but > > you're still talking in terms of vast computational resources for all the > > traffic. Bear in mind that if we had used 768-bit DH two years ago in > PFS, > > I'd still have only got as far as two of your sessions - I'd have to be > > pretty good on my targetting to get the information I wanted at that > rate. > For detailed description of various attack scenarios with calculations > please read > > ECRYPT II Yearly Report on Algorithms and Keysizes > (2011-2012) > http://www.ecrypt.eu.org/documents/D.SPA.20.pdf > > The 1024 bit length for DH used in older versions of software, is a > remnant of US export regulations. This regulations in 1999 permitted the > export of software programs using maximum 56-bit data encryption and > maximum 1024-bit key exchange. > > https://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01 > > >
