
Re: speaking of keys



The security of a 1024-bit DH is too small for my comfort (that of a
reasonable paranoid) for a single key exchange.  I.e., I want my
asymmetric keys to have more than 90 bits of strength and would
recommend this policy to others.

Further, knowing that ALL keys exchanged for IPSec would be protected
by only this single mechanism, I want the computational cost for the
discrete log attacker to be quite a bit higher, probably proportional
to something like the number of keys expected to be exchanged for the
next 20 years.  That depends on how successful IPSec key exchange will
be.  Bet on success, assume Moore's Law falters somewhat, and add 20
bits.  Altogether that totals at least 110 bits of strength and that's
a modulus size of around 2048.

Hilarie
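
An added illustration, not part of the original message: a rough mapping from modulus size to bits of strength, using the heuristic general number field sieve cost with its o(1) term dropped (an assumption; the message does not say which estimate it relies on). The function names, the 256-bit search step and the search bounds are choices made for this example.

```python
import math

# Leading constant of the heuristic GNFS cost L_n[1/3, c], c = (64/9)^(1/3).
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_strength_bits(modulus_bits: int) -> float:
    """Approximate log2 of the GNFS work for a modulus of this size.

    The o(1) term is dropped, so the absolute figure is rough; it is
    mainly useful for comparing one modulus size against another.
    """
    ln_n = modulus_bits * math.log(2)  # ln(2**bits) without float overflow
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def required_strength(per_key_bits: float, margin_bits: float) -> float:
    """Per-key floor plus the margin for one mechanism guarding many keys."""
    return per_key_bits + margin_bits


def min_modulus_bits(target_bits: float, start: int = 1024,
                     step: int = 256, limit: int = 16384) -> int:
    """Smallest size on the start/step grid whose estimate meets the target."""
    size = start
    while size <= limit:
        if gnfs_strength_bits(size) >= target_bits:
            return size
        size += step
    raise ValueError("target strength not reachable within limit")


if __name__ == "__main__":
    # Figures from the message: a 90-bit per-key floor plus 20 bits of margin.
    target = required_strength(90, 20)
    for size in (1024, 1536, 1792, 2048):
        print(f"{size:5d}-bit modulus ~ {gnfs_strength_bits(size):6.1f} bits")
    print("target strength:", target, "bits")
    print("smallest size, 256-bit steps:", min_modulus_bits(target))
    print("smallest size, doubling from 1024:",
          min_modulus_bits(target, step=1024))
```
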