[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 security consideration over-statement

To: paul.hoffman@vpnc.org
Subject: Re: IKEv2 security consideration over-statement
From: Paul Koning <pkoning@equallogic.com>
Date: Wed, 7 Apr 2004 14:35:45 -0400
Cc: ipsec@lists.tislabs.com
References: <p06100431bc99cfdd5d34@[63.202.92.152]>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "PaulH" == Paul Hoffman </ VPNC <paul.hoffman@vpnc.org>> writes:

 PaulH> The sentence "Diffie-Hellman group number two, when used with a
 PaulH> strong random number generator and an exponent no less than 200
 PaulH> bits, is sufficient for use with 3DES" is probably not
 PaulH> true. Group 2 (1024 bits) is probably equivalent to about 80
 PaulH> bits of symmetric strength, not 112. A better wording for this
 PaulH> sentence is "Diffie-Hellman group number two, when used with a
 PaulH> strong random number generator and an exponent no less than 200
 PaulH> bits, is common for use with 3DES". That is, most VPN systems
 PaulH> only need 80ish bits of symmetric strength.

Sounds reasonable.  That suggests that a VPN application where this is
true might also find it sensible to use group 2 with AES, even though
in both cases the "net" security is somewhat less than the data cipher
keysize.

 PaulH> The sentence "Groups three through five provide greater
 PaulH> security" is misleading....
 PaulH> It is better to change this to simply say "Group
 PaulH> five provides greater security than group two."

Yes, I agree that that's a necessary change.

     paul

References:
- IKEv2 security consideration over-statement
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: Re: Disposition of the IKEv2 ID_KEY_ID type
Next by Date: RE: IKEv2 and IANA registry
Previous by thread: IKEv2 security consideration over-statement
Next by thread: RE: CONSENSUS TEST: Fragmentation handling
Index(es):
- Date
- Thread