[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: speaking of keys

To: kent@bbn.com
Subject: Re: speaking of keys
From: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>
Date: Fri, 6 Dec 2002 17:29:12 -0700
Cc: ipsec@lists.tislabs.com
In-reply-to: Yourmessage <p0510031bba16bc38c1fd@[128.89.88.34]>
Sender: owner-ipsec@lists.tislabs.com

You only get about an additional 16 bits of computational security for those
500 extra bits in the modulus size.

Also, the Diffie-Hellman group is a single basket holding all past
session keys.  Just because it is strong enough for one paranoid
usage doesn't account for the risk of having all past keys revealed.
You need a very healthy entropy margin to account for that.

Hilarie

On Fri, 6 Dec 2002 at 15:48:52 -0500 Stephen Kent discoursed:

> but why go all the way to 1536? Isn't there an 
> intermediate group size that would be reasonable for those who insist 
> on more than 1024, say something i the 1200 bit range?

Follow-Ups:
- Re: speaking of keys
  - From: Hugo Krawczyk <hugo@ee.technion.ac.il>

References:
- Re: speaking of keys
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: Handling of IPcomp in IKEv2
Next by Date: RE: IKEv2 transport concerns
Prev by thread: Re: application APIs
Next by thread: Re: speaking of keys
Index(es):
- Date
- Thread