[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Last ditch proposal for crypto suites
> > As a practical matter requiring keys to be multiples of 32 bits is
> > also a good idea (there is a 1000 bit key in use).
>
> Could you expand on this? I don't see how this helps either
> interoperability or security.
Long ago we generated a 1000 bit key and discovered all sorts of
interesting bugs when other people tried to use the cert with their
code. Basically it is a matter of testing the large integer math
on the crypto toolkits and being sure it has been done.
> We've run into interoperability issues when moving private keys
> between different RSA implementations due to assumptions made about
> the precise modulus size or the precise size of the primes.
>
> I'd hate to see the same happen for public keys as well, and I'd
> prefer to avoid forcing customers to regenerate their long-term keys
> to migrate to IKEv2.
Are odd key sizes common?
I would see this as very much an 'accept all/only generate' type
situation. Clearly there is no value in forcing regenration of
keys. However I am somewhat nervous about the support and
interoperability for odd shaped key sizes.
Again it is an issue of testing. I think it is reasonable to test
a key pair of every size from 1024 bits thru 2048 at 32 bit intervals,
at 1 bit intervals it would get very tedious indeed. Also we can even
specify test vectors at those intervals.
Phill