[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

length of exponents

To: IPSEC@ans.net
Subject: length of exponents
From: hugo@watson.ibm.com
Date: Tue, 28 Nov 95 15:25:36 EST

I gladly noticed that a recommendation was added to the exchange scheme #2
(Phil's 1024 bit prime) stating that exponents between 196 to 256 bits are
recommended. I have always insisted that 128 bits as exemplified in section
7.2 is unacceptable low.

The next step is to remove the number 128 from the implementation note in
section 7.2.2 (page 45), and *moreover* to recommend explicit values
in that section. (The implementation note is not recommending the use of 128
but makes it sound as a reasonable choice).

I would go one step further and say that "implementations MUST use at least
160 bits for exponents and SHOULD use 256 bits or more".

Implementation will be easily tempted to use much shorter exponents;
a mandatory minimum, although hard to check, may deter implementations
(especially products) from going too short with these exponent.

Hugo

Prev by Date: "interactive" freshness
Next by Date: anonymity against active attackers
Prev by thread: I-D ACTION:draft-krawczyk-keyed-md5-01.txt
Next by thread: length of exponents
Index(es):
- Main
- Thread