[Operators] IM Observatory and Diffie-Hellman parameters

Fedor Brunner fedor.brunner at azet.sk
Wed Nov 13 17:01:03 UTC 2013


On 13.11.2013 17:33, Dave Cridland wrote:
> On Wed, Nov 13, 2013 at 3:31 PM, Fedor Brunner
> <fedor.brunner at azet.sk> wrote:
>
>     For example the server jabber.ccc.de uses
>     2048 bit RSA public key, but
>     the length of the temporary key is only 1024 bit. The public key score
>     is 90, cipher score is 90
>     http://xmpp.net/result.php?domain=jabber.ccc.de&type=server
>
>
> Hmmm... I'm not convinced that's automatically a bad thing. Firstly,
> it's generally unwise to compare bitlengths and expect to get sane
> results - although as it happens, both DH and RSA happen to have
> roughly the same equivalent bits of security.
>
> Secondly, the key lifetime also has an impact - the DH negotiated
> temporary key will only be used for one session, whereas the RSA key
> will be used for a year. Given that cracking a 1024 bit temporary key
> will take (perhaps) a year, that's probably enough to ensure the
> security of the vast majority of your conversations - whereas the RSA
> key is protecting all of them - crack that and it's game over.
> Obviously PFS is there to mitigate against this, but if the RSA key
> can be cracked within its lifetime, then it becomes trivial to perform
> a man-in-the-middle attack.
>
> My personal opinion would be that 1024 bits of DH is fine, 2048 bits
> of RSA is borderline, and 384 bits of EC is also fine.
>
> Dave.

There is a good comparison website for key size recommendations:
http://www.keylength.com/en/compare/
Enter the year until when your system should be protected and see the
Discrete Logarithm Group column.

The scenario I am thinking of is "record now and decrypt later": the 1024
bit DH could protect your message for the next year, but if the attacker
makes a copy of your conversation now, he can later (for example in 5-10
years with much stronger hardware) break DH easily. There is
communication which should be protected even for a long time, for example:
business strategies, client-lawyer communication, patent information.

https://en.wikipedia.org/wiki/Integer_factorization_records
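
Added example, not part of the original message and not the IM Observatory's code: a sketch of how the "temporary key" length discussed in this thread can be read from a DHE ServerKeyExchange body and set beside the certificate key size. The function names and the sample bytes are hypothetical and constructed for illustration.

```python
import struct

def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams (RFC 5246, 7.4.3) at the start of a DHE
    ServerKeyExchange body: dh_p, dh_g, dh_Ys, each a 2-byte big-endian
    length followed by that many bytes. The signature follows them."""
    fields, offset = {}, 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad length for {name}")
        fields[name] = int.from_bytes(body[offset:offset + length], "big")
        offset += length
    fields["signature_offset"] = offset
    return fields

def compare_to_cert(body: bytes, cert_key_bits: int) -> dict:
    """Report the DH group size next to the certificate key size."""
    dh_bits = parse_server_dh_params(body)["dh_p"].bit_length()
    return {"dh_bits": dh_bits, "cert_key_bits": cert_key_bits,
            "dh_shorter_than_cert_key": dh_bits < cert_key_bits}

def build_sample(p_bits: int) -> bytes:
    """Constructed sample body. p only has the right size; it is a
    placeholder, not a real prime, and the signature is four zero bytes."""
    out = b""
    for value in ((1 << (p_bits - 1)) | 1, 2, 5):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out + b"\x00" * 4

if __name__ == "__main__":
    # The case from the thread: 2048-bit RSA certificate, 1024-bit DH group.
    print(compare_to_cert(build_sample(1024), cert_key_bits=2048))
    print(compare_to_cert(build_sample(2048), cert_key_bits=2048))
```

The comparison only reports the two sizes side by side; which DH size is adequate for a given protection period is the question the key length tables linked above address.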