[Operators] IM Observatory and Diffie-Hellman parameters

Fedor Brunner fedor.brunner at azet.sk
Wed Nov 13 21:44:57 UTC 2013

On 13.11.2013 19:21, Dave Cridland wrote:
> On 13 Nov 2013 17:01, "Fedor Brunner" <fedor.brunner at azet.sk> wrote:
>> There is a good comparison website for key size recommendations:
>> http://www.keylength.com/en/compare/
>> Enter the year until when your system should be protected and see the
>> Discrete Logarithm Group column.
>
> Yes, that site is very nice.
>
>> The scenario I am thinking of is "record now and decrypt later": the
>> 1024-bit DH could protect your message for the next year, but if the
>> attacker makes a copy of your conversation now, he can later (for example
>> in 5-10 years with much stronger hardware) break DH easily. There is
>> communication which should be protected even for a long time, for example:
>> business strategies, client-lawyer communication, patent information.
>
> Yes, I agree that some considerations might raise it, but I think the case
> for making PFS last as long as the asymmetric identity algorithm is pretty
> weak in general. To decrypt all communications using 1024-bit DH over a
> year is likely to be vastly bigger than for one conversation; the same
> isn't true for RSA, for example, where you could solve the private key once.
> It is, I agree, the obvious attack point for a single conversation, but
> you're still talking in terms of vast computational resources for all the
> traffic. Bear in mind that if we had used 768-bit DH two years ago in PFS,
> I'd still have only got as far as two of your sessions - I'd have to be
> pretty good on my targeting to get the information I wanted at that rate.

For a detailed description of various attack scenarios with calculations,
please read

ECRYPT II Yearly Report on Algorithms and Keysizes

The 1024-bit length for DH used in older versions of software is a
remnant of US export regulations. These regulations in 1999 permitted the
export of software programs using maximum 56-bit data encryption and
maximum 1024-bit key exchange.

