[Operators] IM Observatory and Diffie-Hellman parameters

Fedor Brunner fedor.brunner at azet.sk
Wed Nov 13 21:44:57 UTC 2013


On 13.11.2013 19:21, Dave Cridland wrote:
> On 13 Nov 2013 17:01, "Fedor Brunner" <fedor.brunner at azet.sk> wrote:
>> There is a good comparison website for key size recommendations:
>> http://www.keylength.com/en/compare/
>> Enter the year until when your system should be protected and see the
>> Discrete Logarithm Group column.
> Yes, that site is very nice.
>
>> The scenario I'm thinking of is "record now and decrypt later", the 1024
>> bit DH could protect your message for the next year, but if the attacker makes
>> a copy of your conversation now, he can later (for example in 5-10 years
>> with much stronger hardware) break DH easily. There is communication which
>> should be protected even for a long time, for example: business strategies,
>> client-lawyer communication, patent information.
>
> Yes, I agree that some considerations might raise it, but I think the case
> for making PFS last as long as the asymmetric identity algorithm is pretty
> weak in general. To decrypt all communications using 1024-bit DH over a
> year is likely to be vastly bigger than for one conversation; the same
> isn't true for RSA, for example, where you could solve the private key once.
>
> It is, I agree, the obvious attack point for a single conversation, but
> you're still talking in terms of vast computational resources for all the
> traffic. Bear in mind that if we had used 768-bit DH two years ago in PFS,
> I'd still have only got as far as two of your sessions - I'd have to be
> pretty good on my targeting to get the information I wanted at that rate.

For a detailed description of various attack scenarios with calculations,
please read

ECRYPT II Yearly Report on Algorithms and Keysizes
(2011-2012)
http://www.ecrypt.eu.org/documents/D.SPA.20.pdf

The 1024-bit length for DH used in older versions of software is a
remnant of US export regulations. These regulations in 1999 permitted the
export of software programs using a maximum of 56-bit data encryption and
a maximum of 1024-bit key exchange.

https://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01

