Re: comments on ikev2 05 (cryptography)



>    The strength of a key derived from a Diffie-Hellman exchange using
>    any of the groups defined here depends on the inherent strength of
>    the group, the size of the exponent used, and the entropy provided by
>    the random number generator used. Due to these inputs it is difficult
>    to determine the strength of a key for any of the defined groups.
>    Diffie-Hellman group number two when used with a strong random number
>    generator and an exponent no less than 160 bits is sufficient to use
>    for 3DES.  Groups three through five provide greater security. Group
>
>I do not agree that 160 bits are sufficient for use with 3DES given that these
>exponents allow for a full break of the DH exchange in 2^80 operations. I would
>suggest a minimum of 180 or even 200 bits.

I seem to remember from Hilarie's earlier paper on key sizes that the size
of the exponent is not the dominant factor that contributes to the strength
of the DH exchange. When you increase the modulus from 1024 bits to 2048
bits, you now have to do 2048 bit multiplies instead of 1024 bit multiplies
and that also involves a lot more memory reads. The order of this effect is
sub-exponential, but still very significant.

Could this be why the exponent size was set to 160?

Andrew
--------------------------------------
The odd thing about fairness is when
we strive so hard to be equitable
that we forget to be correct.
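
The 2^80 figure in the quoted comment is the cost of a square-root (baby-step giant-step) search over a 160-bit exponent. The sketch below is an added example, not part of the original message or of the IKEv2 draft: it runs that search at toy scale and counts group multiplications under two modulus sizes. The Mersenne-prime moduli, generator 3, and 20-bit secret are constructed assumptions.

```python
from math import isqrt

# Constructed toy parameters (assumptions, not from the thread).
MODULI = {"127-bit": 2**127 - 1, "521-bit": 2**521 - 1}  # Mersenne primes
G = 3
EXP_BITS = 20
SECRET = 0xB3A71  # constructed 20-bit private exponent

def sqrt_attack_bits(exponent_bits):
    """log2 of the group operations a square-root attack needs for a k-bit exponent."""
    return exponent_bits // 2

def bsgs_short_exponent(g, y, p, bits):
    """Return (x, mults): smallest x in [0, 2**bits) with g**x == y (mod p),
    and the number of modular multiplications spent finding it."""
    m = isqrt((1 << bits) - 1) + 1           # m*m >= 2**bits
    table, cur, mults = {}, 1, 0
    for j in range(m):                       # baby steps: store g^j
        table.setdefault(cur, j)
        cur = cur * g % p
        mults += 1
    step = pow(g, -m, p)                     # g^(-m); needs Python 3.8+
    cur = y
    for i in range(m):                       # giant steps: y * g^(-i*m)
        if cur in table:
            return i * m + table[cur], mults
        cur = cur * step % p
        mults += 1
    return None, mults

def demo():
    """Run the search against the same short exponent under each modulus."""
    rows = []
    for name, p in MODULI.items():
        y = pow(G, SECRET, p)                # public DH value
        x, mults = bsgs_short_exponent(G, y, p, EXP_BITS)
        rows.append((name, x, mults))
    return rows

if __name__ == "__main__":
    for name, x, mults in demo():
        print(f"{name} modulus: recovered {x:#x} in {mults} multiplications")
    for k in (160, 180, 200):                # exponent sizes named in the thread
        print(f"{k}-bit exponent: about 2^{sqrt_attack_bits(k)} multiplications")
```

The multiplication count depends only on the exponent length, while the cost of each multiplication grows with the modulus size.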



