[Operators] Please enable Forward Secrecy for your servers!
david at banes.org
Tue Jul 21 07:44:44 UTC 2015
On 20 Jul 2015, at 23:19, Jonathan Schleifer <js-xmpp-operators at webkeks.org> wrote:
> Am 21.07.2015 um 00:10 schrieb David Banes <david at banes.org>:
>> On 20 Jul 2015, at 23:07, Peter Kieser <peter at kieser.ca> wrote:
>>> On 2015-07-10 2:47 AM, Mathias Ertl wrote:
>>>> * Have a valid 4096 bit certificate with at least a sha256 signature.
>>> 4096 bit seems a bit excessive. NIST is still recommending 2048 bit from 2011 to 2030.
>> I laughed....
> He's actually right - the difference between 2048 and 4096 isn't that big. 2048 equals a symmetric cipher of ~ 112 bits, while 4096 equals a symmetric cipher of ~ 128 bits. If you think about it, it only makes sense: The bigger the number gets, the fewer primes there are…
> So, 4096 bit RSA just gives you an additional 16 bits for your AES, while doubling the number of RSA bits more than doubles the computational overhead…
> That's also the reason why there's no point in doing 8192 bit RSA: It would be insanely slow for just giving you a few extra bits. IIRC, to match AES-256, you would need RSA-32768. Have fun calculating that! If you want to match AES-256, you therefore need to go to 512-bit ECC (for ECC, you need roughly double the bits than the symmetric cipher).
If you're serious about stopping someone with greater computational power than you getting at your data then you should take every bit you can. But I agree, most people won't bother because you'd need the computing power available to NIST to compute that.
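
The key-size trade-off discussed in this thread can be estimated from the asymptotic running time of the general number field sieve. The following is an added example, not code from any poster in the thread; the function names and the calibration offset (chosen so a 1024-bit modulus maps to about 80 bits) are assumptions of this example, and the results are heuristic estimates rather than values from a published table.

```python
import math

# GNFS heuristic running time L_n[1/3, c] with c = (64/9)^(1/3) ~= 1.923.
GNFS_C = (64 / 9) ** (1 / 3)
# Assumption of this example: a constant offset (in bits) chosen so that a
# 1024-bit modulus lands at roughly 80 bits of symmetric-equivalent strength.
CALIBRATION_BITS = 6.77


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimate the symmetric-equivalent strength of an RSA modulus."""
    if modulus_bits < 512:
        raise ValueError("estimate is only meaningful for moduli >= 512 bits")
    ln_n = modulus_bits * math.log(2)
    # Natural log of the estimated number of operations to factor n.
    work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2) - CALIBRATION_BITS


def min_modulus_bits(target_bits: float, step: int = 256) -> int:
    """Smallest modulus size (512 plus a multiple of `step`) reaching target_bits."""
    size = 512
    while rsa_strength_bits(size) < target_bits:
        size += step
    return size


def marginal_gain(a: int, b: int) -> float:
    """Extra bits of estimated strength from growing the modulus a -> b."""
    return rsa_strength_bits(b) - rsa_strength_bits(a)


if __name__ == "__main__":
    for size in (1024, 2048, 3072, 4096, 8192, 15360):
        print(f"RSA-{size:<6} ~ {rsa_strength_bits(size):6.1f} bits")
    print("2048 -> 4096 gain:", round(marginal_gain(2048, 4096), 1), "bits")
    print("4096 -> 8192 gain:", round(marginal_gain(4096, 8192), 1), "bits")
    print("smallest modulus for ~256 bits:", min_modulus_bits(256))
```

The estimate grows roughly with the cube root of the modulus size, so doubling the modulus never doubles the estimated strength, while the cost of private-key operations grows much faster.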