Re: high-grade vs low-grade encryption with MD5 and DES

2003-08-11 Thread Arthur Chan
This is really symptomatic of our industry, isn't it? We seem to be our own
worst enemy.
Back in '95, it took that French student days to crack the 40-bit codes. Now
we are talking about minutes... it's disheartening. Merde. I really wonder
how some of those MS sites survive these days...

- Original Message -
From: Dave Paris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 11, 2003 06:16 PM
Subject: Re: high-grade vs low-grade encryption with MD5 and DES


 "Compromised" is probably a poor word to use; "pointlessly weak" is
 more accurate.  If you're going to use SSL and you're dealing with data
 that needs to be protected longer than 5 minutes, use 128-bit SSL.

 -dsp

 On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:

  Hi all.
  Verisign currently has a discount on both a high-grade (128-bit) SSL
  encrypted and a low-grade (40-bit) SSL encrypted certificate. The former is
  priced at US$895 and the latter at US$1395.
  I noticed some sites also present Verisign certificates with low-grade,
  54-bit encryption from their Microsoft/IIS servers. However, I cannot find a
  54-bit certificate in www.verisign.com/products/site/commerce/index.html
  Is this 54-bit affair only for Microsoft / IIS ???
  Is low-grade encryption with 40 and 54 bits considered compromised ???
  Are there any finance/insurance industry standards requiring 128-bit,
  high-grade encryption ???
 
  __
  Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
  User Support Mailing List  [EMAIL PROTECTED]
  Automated List Manager[EMAIL PROTECTED]
 



Re: high-grade vs low-grade encryption with MD5 and DES

2003-08-11 Thread Arthur Chan
Practicality: do not use a 4096-bit server-side private key. No, not even
2048.
Key sizes larger than 1024 bits are not supported by those bollocky client
browsers. Netscape and MSIE4 come to mind.
Regards,
Arthur Chan

- Original Message -
From: Dave Paris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 11, 2003 07:34 PM
Subject: RE: high-grade vs low-grade encryption with MD5 and DES


 The 5 minutes I mentioned doesn't implicitly refer to the amount of time
 needed to crack the ciphertext, but more the type of data and the amount of
 time it needs to be protected.

 A couple of examples:

 Example 1:
 A password which will only work for the next ten minutes only needs to be
 protected by encryption capable of rendering the text sufficiently scrambled
 for that 10-minute duration.  This might mean it would take an attacker 1
 minute to obtain the ciphertext and get it into a state where it can be
 cryptanalyzed.  Four or five minutes to determine the cipher used.  Then the
 attacker is left with only 3 or 4 minutes to break the cipher if they need
 one minute to actually use the password.  So, how strong do you need
 encryption in this case?  Only long enough to hold out against a 3 to 4
 minute attack.

 Example 2:
 A sealed court case which is mandated to be sealed for 20 years needs to
 be protected by a cipher capable of using a large enough keyspace to keep a
 sustained attack against the data at bay for that 20 years.

 Herein lies the challenge in the practical utilization of cryptography...
 how do we know what will protect data for 20 years?  We don't.  So we make
 educated guesses.  We make compromises.  We use best-available.  In the
 example of the password above, 56-bit DES would be a reasonable choice.
 It's fast, but weak - yet strong enough to keep that password encrypted for
 the two or three - heck, six - minutes it would be attacked. (This is not to
 say that one should use the weakest available cipher for any given problem
 set!  3DES, AES, or Blowfish would be a much better choice in any case.)  In
 the example of the sealed court records, we're not worried about transaction
 speed or decryption speed, so an asymmetric cipher capable of utilizing a
 4096-bit (or larger!) private key is much more appropriate.

 Kind Regards,
 -dsp

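The following is an added example, not code from the thread or from mod_ssl, that turns Dave Paris's two examples quoted above (the 10-minute password and the 20-year sealed record) into a check: does half the keyspace of a symmetric cipher exceed what an attacker can test in the window the data must survive? Everything numeric is an assumption: a constructed attacker rate of 9e10 keys/s (roughly the order of late-1990s dedicated DES-search hardware), a 10x safety margin, and an optional rate-doubling period for the long window; it models exhaustive search of symmetric keys (the 40/56/128-bit SSL ciphers discussed), so RSA key sizes like 1024 or 4096 bits do not belong on this scale.

```python
import math

YEAR = 365.25 * 24 * 3600  # seconds

# Assumed attacker speed: 9e10 keys/s is a constructed figure, roughly the order
# of late-1990s dedicated DES-search hardware, not a measurement from the thread.
ASSUMED_RATE = 9e10


def keys_testable(window_s, rate=ASSUMED_RATE, doubling_years=None):
    """Number of keys an attacker can try during a window of window_s seconds.

    If doubling_years is given, the rate is assumed to double every that many
    years (a crude Moore's-law guess) and the integral over the window is used.
    """
    if doubling_years is None:
        return rate * window_s
    d = doubling_years * YEAR
    return rate * (d / math.log(2)) * (2 ** (window_s / d) - 1)


def expected_break_time(key_bits, rate=ASSUMED_RATE):
    """Average seconds for exhaustive search: half the keyspace at `rate`."""
    return 2 ** (key_bits - 1) / rate


def adequate(key_bits, window_s, margin=10.0, **growth):
    """True if half the keyspace exceeds what the attacker can test in the
    window by a factor of `margin`. The cipher only has to hold for as long
    as the data matters, which is the point Dave makes above."""
    return 2 ** (key_bits - 1) >= margin * keys_testable(window_s, **growth)


def min_key_bits(window_s, margin=10.0, **growth):
    """Smallest key length for which adequate() is True for this window."""
    return math.ceil(math.log2(margin * keys_testable(window_s, **growth))) + 1


if __name__ == "__main__":
    ten_minutes = 10 * 60
    twenty_years = 20 * YEAR
    for bits, window, label in [(40, ten_minutes, "40-bit export, 10-min password"),
                                (56, ten_minutes, "56-bit DES, 10-min password"),
                                (56, twenty_years, "56-bit DES, 20-year sealed record"),
                                (128, twenty_years, "128-bit, 20-year sealed record")]:
        print(f"{label}: adequate={adequate(bits, window)}")
    print("min bits, 10 min:", min_key_bits(ten_minutes))
    print("min bits, 20 yr, constant rate:", min_key_bits(twenty_years))
    print("min bits, 20 yr, rate doubling every 18 months:",
          min_key_bits(twenty_years, doubling_years=1.5))
```

At the assumed rate a 40-bit key falls in seconds while 56-bit DES holds for days, which is why the thread calls 40-bit "pointlessly weak" yet accepts DES for a ten-minute password; the 20-year case is where the guess about future attacker speed dominates the answer.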

Re: high-grade vs low-grade encryption with MD5 and DES

2003-08-11 Thread Dave Paris
"Compromised" is probably a poor word to use; "pointlessly weak" is
more accurate.  If you're going to use SSL and you're dealing with data
that needs to be protected longer than 5 minutes, use 128-bit SSL.

-dsp

On Sunday, Aug 10, 2003, at 02:25 US/Eastern, Arthur Chan wrote:

Hi all.
Verisign currently has a discount on both a high-grade (128-bit) SSL
encrypted and a low-grade (40-bit) SSL encrypted certificate. The former is
priced at US$895 and the latter at US$1395.
I noticed some sites also present Verisign certificates with low-grade,
54-bit encryption from their Microsoft/IIS servers. However, I cannot find a
54-bit certificate in www.verisign.com/products/site/commerce/index.html
Is this 54-bit affair only for Microsoft / IIS ???
Is low-grade encryption with 40 and 54 bits considered compromised ???
Are there any finance/insurance industry standards requiring 128-bit,
high-grade encryption ???
