RE: [suse-security] which cipher for ssh2
112 bit key = 164 years. 160 bit key = 46,343,912,903,694,283 years. 1024 = 57004475357125694689539104223396268823502567825415606695024759 37269554661513 85601004275993538836681954338260654082297557264046704764131857 21983584043465 91970375694235948296717285077993443876652697015567988489528438 55120124119935 5703764368040995282761394929943067804992387977103 years
As you can unless NP=P, or barring some breakthrough in quantum computing key lengths should stay well ahead of brute force key factoring for some time.
I'm not out for an argument and, as I said, the 80/90 bits figure isn't from me and it's from memory. If you want, I can forward your mail to my colleague as a question. Don't confuse asymettric and symmetric key lengths, though. The latter are currently no higher than 320 bits, while those of the main proponents of the former, namely RSA or DH/DSA, aren't lower than 512 bits and should be 1024+. RSA is worthless unless the primes are large enough. Cheers Tobias
I'm not out for an argument and, as I said, the 80/90 bits figure isn't from me and it's from memory. If you want, I can forward your mail to my colleague as a question.
Don't confuse asymettric and symmetric key lengths, though. The latter are currently no higher than 320 bits, while those of the main proponents of
Wasn't arguing, was just making sure people understand that an 80 bit key, a 90 bit key and a 112 bit key are _SIGNIFICANTLY_ different (i.e. not just 10 times harder), something many people have getting a grasp on (2^10 is easy, 1024, but a difference of 3^32 which is 4billion+? 4billion is a beeeeeg number, I can't imagine 4 billion of anything in a concrete manner). As well any reasonably fast keybreaking typically requires absurdly (for now anyways) fast key factoring systems to brute force it. We're just getting seriously into terraflops, let alone a machine capable of terra-operations that would require many many flops =). the
former, namely RSA or DH/DSA, aren't lower than 512 bits and should be 1024+. RSA is worthless unless the primes are large enough.
Dah. But then you can do things like 3des which is usually 2 keys for an effective length of 112, but the attacker has to do 3 crypto operations, so an attack becomes expensive. Imagine the keyscape of 3pgp (yes I know pgp is a program and not the algorithm used for crypto, but you get the idea ;). 99 times out of 100 with modern crypto it's weak passphase/mistake in key recovery/creation/etc that does it in, the math is rarely wrong, unless it's a closed system or amateur system (something to be learned from that I think).
Cheers Tobias
-Kurt
participants (2)
-
Kurt Seifried
-
Reckhard, Tobias