oss-sec mailing list archives
Re: Prime example of a can of worms
From: Florent Daigniere <florent.daigniere () trustmatta com>
Date: Thu, 21 Jan 2016 16:37:00 +0100
On Thu, 2016-01-21 at 10:15 -0500, Steve Grubb wrote:
On Thursday, January 21, 2016 11:43:45 AM Florent Daigniere wrote:On Thu, 2016-01-21 at 04:05 +0300, gremlin () gremlin ru wrote:On 2016-01-20 08:45:07 -0700, Kurt Seifried wrote: > I finally got the article written and published, it's at: > https://securityblog.redhat.com/2016/01/20/primes-parameters-a nd-m oduli/ In that article you wrote: > I think the best plan for dealing with this in the short term > is deploying larger primes (2048 bits minimum, ideally 4096 > bits) right now wherever possible. 4096 bit keys seem to be the absolute minimum, and personally I've already moved to 8192 bit keys.I'd like to know where you guys picked those numbers from: http://www.keylength.com/en/compare/ suggests that 2048 bits is oka y for everyone but the BSI (at least not past 2016). Surely a recommendation today should have a higher standard than that. On the other hand, 3072 bits seems to be enough for everyone for the next decade or so.I think that is assuming that quantum computers are not brought to market any time soon.
Indeed. It's also assuming no other major breakthrough happens (whether it's in maths, moore's law or anything else)... but here we are talking about making recommendations towards replacing legacy crypto we suspect^wknow to be broken, in practice, in the real world, today. I think that it's very important to keep the message simple: use bigger (possibly standardized) groups, of at least X bits. The BSI thinks that X should be greater than 2048 bits and so do I. Florent
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Hanno Böck (Jan 20)
- Re: Prime example of a can of worms Kurt Seifried (Jan 20)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Jan 20)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- Re: Prime example of a can of worms Steve Grubb (Jan 21)
- Re: Prime example of a can of worms Florent Daigniere (Jan 21)
- <Possible follow-ups>
- Re: Prime example of a can of worms Andrew Gallagher (Jan 21)
- Re: Re: Prime example of a can of worms Steve Grubb (Jan 22)