[Operators] Please enable Forward Secrecy for your servers!

David Banes david at banes.org
Tue Jul 21 07:44:44 UTC 2015


On 20 Jul 2015, at 23:19, Jonathan Schleifer <js-xmpp-operators at webkeks.org> wrote:

> On 21.07.2015 at 00:10, David Banes <david at banes.org> wrote:
> 
>> On 20 Jul 2015, at 23:07, Peter Kieser <peter at kieser.ca> wrote:
>> 
>>> On 2015-07-10 2:47 AM, Mathias Ertl wrote:
>>>> * Have a valid 4096 bit certificate with at least a sha256 signature.
>>> 
>>> 4096 bit seems a bit excessive. NIST is still recommending 2048 bit from 2011 to 2030.
>>> 
>>> -Peter
>> 
>> I laughed....
> 
> He's actually right - the difference between 2048 and 4096 isn't that big. 2048 equals a symmetric cipher of ~ 112 bits, while 4096 equals a symmetric cipher of ~ 128 bits. If you think about it, it only makes sense: The bigger the number gets, the fewer primes there are…
> 
> So, 4096 bit RSA just gives you an additional 16 bits for your AES, while doubling the number of RSA bits more than doubles the computational overhead…
> 
> That's also the reason why there's no point in doing 8192 bit RSA: It would be insanely slow for just giving you a few extra bits. IIRC, to match AES-256, you would need RSA-32768. Have fun calculating that! If you want to match AES-256, you therefore need to go to 512-bit ECC (for ECC, you need roughly double the bits than the symmetric cipher).
> 
> --
> Jonathan
> 

If you're serious about stopping someone with greater computational power than you getting at your data then you should take every bit you can. But I agree, most people won't bother because you'd need the computing power available to NIST to compute that.

David.
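
The key-size comparison discussed in this thread can be estimated numerically. The following is an added example, not part of any poster's message: it evaluates the General Number Field Sieve work-factor heuristic, in the form NIST gives in its FIPS 140-2 Implementation Guidance, to estimate the symmetric-equivalent strength of an RSA modulus. The function names and the 1024-bit search step are assumptions of this example, and the results are rough estimates, not exact security levels.

```python
import math

LN2 = math.log(2)


def rsa_symmetric_equivalent(modulus_bits: int) -> float:
    """Estimate the symmetric-equivalent strength (in bits) of an RSA modulus.

    Uses the GNFS running-time heuristic exp(1.923 * (ln n)^(1/3) * (ln ln n)^(2/3))
    with the 4.69 calibration offset, converted from nats to bits.
    """
    if modulus_bits < 512:
        raise ValueError("heuristic is not meaningful for very small moduli")
    ln_n = modulus_bits * LN2                      # ln of a modulus_bits-bit number
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return (work - 4.69) / LN2


def min_modulus_bits(target_bits: float, step: int = 1024, limit: int = 65536) -> int:
    """Smallest modulus size (multiple of `step`) whose estimate reaches target_bits."""
    for size in range(step, limit + 1, step):
        if rsa_symmetric_equivalent(size) >= target_bits:
            return size
    raise ValueError("target strength not reachable below limit")


def strength_table(sizes):
    """Return (modulus_bits, estimated_bits, gain_over_previous) rows."""
    rows, previous = [], None
    for size in sizes:
        est = rsa_symmetric_equivalent(size)
        gain = None if previous is None else est - previous
        rows.append((size, round(est, 1), None if gain is None else round(gain, 1)))
        previous = est
    return rows


if __name__ == "__main__":
    # Key sizes mentioned in the thread, plus 3072 and 15360 for comparison.
    for size, est, gain in strength_table([2048, 3072, 4096, 8192, 15360, 32768]):
        extra = "" if gain is None else f"  (+{gain} bits over previous row)"
        print(f"RSA-{size:<6} ~ {est:6.1f} bits{extra}")
    for target in (128, 256):
        print(f"smallest modulus (1024-bit steps) for {target}-bit strength:",
              min_modulus_bits(target))
```

Each doubling of the modulus adds fewer bits of estimated strength than the one before, while the private-key operation cost keeps growing, which is the diminishing-returns trade-off the thread is arguing about.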
