[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: speaking of keys
Marcus:
>One could put some guidance in the document about relative performance
> and security merits of the mandated groups. Or even actual numbers
> ("at the time of writing, here's the deal on performance"). I think
> that the best we can accomplish is to provide guidance to the developers
> trying to cut code for this standard. It's up to them to determine how
> to best "package" this for the ultimate consumer.
>
>I really don't have a problem with MUSTing a couple of groups at
> least.
>
> 1024 - fast, but somewhat less secure
> 15xx - slower, but rather more secure
I think that Paul Hoffman was the first to suggest the more than one MUST
approach. I think it offers a good way forward. Of course, whatever sizes
we select, a paragraph is needed in the security considerations. With the
advance of time, bigger values will be needed.
I think that 1024 should be one of the MUST implement sizes. Hugo and
David Wagner have both said that they could live with this size, and the
draft NIST guidelines say that this is sufficient for protecting sensitive
information until 2015. Further, there is some hardware the supports 1024,
then uses software if a larger key is provided. Finally, 1024 performance
is quite reasonable in software.
As for picking the right value for the next MUST implement size, I have
less clarity. We have learned that more and more hardware supports 2048,
and the draft NIST guidelines say that this is sufficient for protecting
sensitive information until 2035. Yet, the software performance,
especially on small processors, is quite poor. I think that a smaller
value is a better choice.
The draft NIST guidelines do not offer an recommendations on values between
1024 and 2048. However, some interpolation is possible. I think that we
should consider 1280 and 1536.
Russ