[Operators] Please enable Forward Secrecy for your servers!

David Banes david at banes.org
Tue Jul 21 08:49:23 UTC 2015

On 21 Jul 2015, at 09:15, Jonathan Schleifer <js-xmpp-operators at webkeks.org> wrote:

> Am 21.07.2015 um 09:44 schrieb David Banes <david at banes.org>:
>> If you're serious about stopping someone with greater computational power than you getting at your data then you should take every bit you can. But I agree, most people won't bother because you'd need the computing power available to NIST to compute that.
> *sigh* The NIST doesn't have any significant computing power. The adversary you are worried about is the NSA. But even the NSA is not able to break 128 bit or even 112 bit symmetric crypto. Even if you only have 112 bits to begin with and then assume you can break another 12 bits of AES (which currently is not the case, AES is still standing strong), then you still have 2^100 tries. That's an insanely huge number. I guess you'll be arguing now that 2^100 tries is within reach for the NSA, but it is definitely not - the NSA would need more power for that than the earth has, which can easily be proven by physics.
> There's a lot on the net that explains in detail why only increasing key sizes is only giving you a fake sense of security - I'm too tired right now to explain all this, so I suggest you give your preferred search engine a try, as it can be easily found. Explanations of why 112 bit for symmetric crypto is still more than enough are often found in connection with security evaluations of 3DES (which usually come to the conclusion that 3DES is still secure, but slow since it's a hack and thus AES preferable).
> In this specific case though, using 4096 does not hurt, but using 2048 does not significantly reduce security. Thus ridiculing someone who wants to use 2048 only proves misunderstandings about the underlying crypto. For 1024, however, it would be totally understandable, as this is actually within reach to be broken.

I was just throwing a generic out there about the orders of magnitude of computing power you need to get anywhere near computing these numbers. NIST was a bad example but I recalled that they had access to some pretty large systems for special projects (e.g. NASA).

There's no need to explain it (to me), I have a very complete understanding of crypto having worked in this area on and off since 1999 (following the NIST selection of Rijndael (AES) in 1998) and going through the mill to get the Australian DSD (Defence Signals Directorate) to give us a cryptography export license in 2002. If I was working on a new project now I'd be looking at something like elliptic curve ciphers.

Let's agree that I'll think twice about throwing a flippant comment onto the list in future :)

