[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: IKEv2 Key Size Conformance Requirements




>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
    Andrew> I still haven't figured out what the big deal is. If someone wants to use a
    Andrew> 1022 bit key, can't they just call it a 1024 bit key where the 2 leading
    Andrew> bits are zero? Is there some RSA chip/library out there that assumes that
    Andrew> the high bit is a 1? The math works either way.

  Well, the OpenSSH people think that this is "broken", that you'd have a 1022
bit key. I think that this reflects a misunderstanding of how public key
cryptography works. 

  I agree with you, however.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [