[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: speaking of keys

To: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>
Subject: Re: speaking of keys
From: Stephen Kent <kent@bbn.com>
Date: Fri, 6 Dec 2002 13:02:10 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <200212061737.gB6Hbw706193@localhost.localdomain>
References: <200212061737.gB6Hbw706193@localhost.localdomain>
Sender: owner-ipsec@lists.tislabs.com

>You only get about 80 bits of strength from a 1024-bit DH group.  That
>seems insufficient for reasonable paranoids.
>
>Hilarie

Now I am really puzzled, given the recent messages from David Wagner 
in which 160 bits of entropy was accorded to 1024-bit DH:

>"This objection has already been addressed on the list.  Those 1024
>bits of Diffie-Hellman only have 160 bits of strength (160 bits of
>"computational entropy"), hence you're not reducing security by hashing
>it down to 160 bits.
>
>Indeed, in some sense you are improving security by hashing the 1024-bit
>Diffie-Hellman result down to a 160-bit security, just as Hugo's earlier
>note pointed out.  Can I encourage you to re-read Hugo's earlier emails
>on this topic?  I hope you will find them persuasive.  (I certainly did.)"


What gives?

Steve

Follow-Ups:
- Re: speaking of keys
  - From: daw@mozart.cs.berkeley.edu (David Wagner)

References:
- Re: speaking of keys
  - From: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>

Prev by Date: Re: speaking of keys
Next by Date: Re: Summary of key derivation thread
Prev by thread: Re: speaking of keys
Next by thread: Re: speaking of keys
Index(es):
- Date
- Thread