[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: Re: IKEv2 Key Size Conformance Requirements
> Date: Tue, 05 Nov 2002 16:10:10 -0500
> From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
>
> >>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
> Andrew> I still haven't figured out what the big deal is. If someone wants to use a
> Andrew> 1022 bit key, can't they just call it a 1024 bit key where the 2 leading
> Andrew> bits are zero? Is there some RSA chip/library out there that assumes that
> Andrew> the high bit is a 1? The math works either way.
>
> Well, the OpenSSH people think that this is "broken", that you'd have a 1022
> bit key. I think that this reflects a misunderstanding of how public key
> cryptography works.
>
> I agree with you, however.
Well depending on what you mean by broken, it may well be seen as
such. The "brokenness" comes from the fact that a 1022 bit key is
not 1024 bit "strong". If you call an RSA key of 1022 bits, a 1024
bit key, then you are lying, and likely create sense of false safety.
An RSA key is not just a bit pattern. Seeing leading zero bits
drastically limits the search space of primes making up the key. Or
am I off here, it has been a while since I read the RSA math? Would
you call a 512-bit RSA key encapsuled in 1024 bits, a 1024 bit RSA key?
I would not, however, call it "broken" in the way that the math
wouldn't work, it would. It just would not be as strong as you are
trying to imply.
Niklas