[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: speaking of keys

To: daw@mozart.cs.berkeley.edu
Subject: Re: speaking of keys
From: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>
Date: Tue, 10 Dec 2002 15:38:09 -0700
Cc: ipsec@lists.tislabs.com
In-reply-to: Yourmessage <at5hsr$vhf$1@abraham.cs.berkeley.edu>
Sender: owner-ipsec@lists.tislabs.com

Hopefully, on 10 Dec 2002 at 20:13:15 GMT David Wagner opined:

>  The Purple Streak, Hilarie Orman wrote:
>  >The security of a 1024-bit DH is too small for my comfort (that of a
>  >reasonable paranoid) for a single key exchange.

>  But is it too small for the MUST requirement in the RFC?

It is too small for "the" MUST requirement.

>  As I see it, we have to balance two costs here.  If we require a
>  1024-bit modulus, there is a risk it will get broken in our lifetime.

Insofar as I can predict two things at once, and speaking mainly for
myself, it seems a certainty.

>  If we require a 2048-bit modulus, some people will not use IPSEC because
>  it is too slow (this is not just a risk; this is for sure).  

Where is it written that 2048 is too slow?  Of course it is slower
than 1024 and always will be, but in absolute terms, what requirements
mandate that 2048 is unacceptable and will remain so for a significant
number of years?

> How do we balance these two?

Back off to around 1500 bits or use a faster algorithm.

Hilarie

References:
- Re: speaking of keys
  - From: daw@mozart.cs.berkeley.edu (David Wagner)

Prev by Date: Re: Summary of key derivation thread
Next by Date: Re: speaking of keys
Prev by thread: Re: speaking of keys
Next by thread: Re: speaking of keys
Index(es):
- Date
- Thread