[Operators] IM Observatory and Diffie-Hellman parameters

Dave Cridland dave at cridland.net
Wed Nov 13 16:33:36 UTC 2013


On Wed, Nov 13, 2013 at 3:31 PM, Fedor Brunner <fedor.brunner at azet.sk>wrote:

> For example the server jabber.ccc.de uses 2048 bit RSA public key, but
> the length of the temporary key is only 1024 bit. The public key score
> is 90, cipher score is 90
> http://xmpp.net/result.php?domain=jabber.ccc.de&type=server


Hmmm... I'm not convinced that's automatically a bad thing. Firstly, it's
generally unwise to compare bitlengths and expect the get sane results -
although as it happens, both DH and RSA happen to have roughly the same
equivalent bits of security.

Secondly, the key lifetime also has an impact - the DH negotiated temporary
key will only be used for one session, whereas the RSA key will be used for
a year. Given that cracking a 1024 bit temporary key will take (perhaps) a
year, that's probably enough to ensure the security of the vast majority of
your conversations - whereas the RSA key is protecting all of them - crack
that and it's game over. Obviously PFS is there to mitigate against this,
but if the RSA key can be cracked within its lifetime, then it becomes
trivial to perform a man-in-the-middle attack.

My personal opinion would be that 1024 bits of DH is fine, 2048 bits of RSA
is borderline, and 384 bits of EC is also fine.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20131113/b0d74696/attachment.html>


More information about the Operators mailing list