[146962] in cryptography@c2.net mail archive
Re: [Cryptography] [TLS] New Version Notification for
daemon@ATHENA.MIT.EDU (james hughes)
Tue Sep 10 12:03:30 2013
X-Original-To: cryptography@metzdowd.com
From: james hughes <hughejp@mac.com>
Date: Tue, 10 Sep 2013 09:01:37 -0700
To: Cryptography Mailing List <cryptography@metzdowd.com>
Cc: james hughes <hughejp@mac.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5940767490524634481==
Content-type: multipart/alternative;
boundary="Apple-Mail=_D2AF96F9-B14F-45DE-87F0-49A0C77D8699"
--Apple-Mail=_D2AF96F9-B14F-45DE-87F0-49A0C77D8699
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On Sep 9, 2013, at 7:30 PM, Michael Str=F6der <michael at stroeder.com> =
wrote:
>=20
> > Peter Gutmann wrote:
>=20
>> > Do you have numbers about the relative and absolute performance =
impact?
>> > Personally I don't see performance problems but I can't prove my =
position with
>> > numbers.
>=20
> MBA-2:tmp synp$ openssl speed dsa1024 dsa2048
[=85]
> sign verify sign/s verify/s
> dsa 1024 bits 0.000445s 0.000515s 2247.6 1941.8
> dsa 2048 bits 0.001416s 0.001733s 706.4 577.2
We are arguing about a key exchange that goes from ~1ms to ~3ms (where =
the cracking goes from "yes" to "no"). Yes, this is more but this is =
absolutely not a problem for PCs or even phones or tablets especially in =
the light of session keep alive and other techniques that allow a key =
exchange to last a while.=20
Is the complaint that the server load is too high?=20
Lastly, going a partial step seems strange also. Why do we what to put =
ourselves through this again so soon? The French government suggests =
2048 now (for both RSA and DHE), and will only last 6 years. =46rom=20
http://www.ssi.gouv.fr/IMG/pdf/RGS_B_1.pdf
> La taille minimale du module est de 2048 bits, pour une utilisation ne =
devant pas depasser lannee 2020.
The minimum size of the modulus is 2048 bits for use not to exceed 2020.
> Pour une utilisation au-dela de 2020, la taille minimale du module est =
de 4096 bits
For use beyond a 2020, the minimum module size is 4096 bits
Pardon the bad cut/paste and google translate, but I believe you get the =
point.=20
--Apple-Mail=_D2AF96F9-B14F-45DE-87F0-49A0C77D8699
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=windows-1252
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dwindows-1252"><meta http-equiv=3D"Content-Type" =
content=3D"text/html charset=3Dwindows-1252"></head><body =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><pre style=3D"white-space: =
pre-wrap; word-wrap: break-word; width: 1065px; "></pre><div><div>On Sep =
9, 2013, at 7:30 PM, Michael Str=F6der <michael at <a =
href=3D"http://stroeder.com">stroeder.com</a>> =
wrote:</div><div></div><blockquote type=3D"cite"><div><br></div><div>> =
Peter Gutmann wrote:</div><div><br></div><div></div><blockquote =
type=3D"cite"><div>> Do you have numbers about the relative and =
absolute performance impact?</div><div>> Personally I don't see =
performance problems but I can't prove my position with</div><div>> =
numbers.</div></blockquote><div><br></div><div>MBA-2:tmp synp$ openssl =
speed dsa1024 dsa2048</div></blockquote>[=85]<br><blockquote =
type=3D"cite"><div><font face=3D"Courier"> =
sign verify =
sign/s verify/s</font></div><div><font face=3D"Courier">dsa 1024 =
bits 0.000445s 0.000515s 2247.6 =
1941.8</font></div><div><font face=3D"Courier">dsa 2048 bits 0.001416s =
0.001733s 706.4 =
577.2</font></div></blockquote><div><br></div>We are arguing about =
a key exchange that goes from ~1ms to ~3ms (where the cracking goes from =
"yes" to "no"). Yes, this is more but this is absolutely not a problem =
for PCs or even phones or tablets especially in the light of session =
keep alive and other techniques that allow a key exchange to last a =
while. </div><div><br></div><div>Is the complaint that the server =
load is too high? <br></div><div><br></div><div>Lastly, going a =
partial step seems strange also. Why do we what to put ourselves through =
this again so soon? The French government suggests 2048 now (for both =
RSA and DHE), and will only last 6 years. From </div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre"> </span><a =
href=3D"http://www.ssi.gouv.fr/IMG/pdf/RGS_B_1.pdf">http://www.ssi.gouv.fr=
/IMG/pdf/RGS_B_1.pdf</a></div><div><br></div><div><div></div><blockquote =
type=3D"cite">La taille minimale du module est de 2048 bits, pour une =
utilisation ne devant pas depasser lannee 2020.</blockquote>The minimum =
size of the modulus is 2048 bits for use not to exceed =
2020.<br><br><blockquote type=3D"cite">Pour une utilisation au-dela de =
2020, la taille minimale du module est de 4096 bits</blockquote>For use =
beyond a 2020, the minimum module size is 4096 bits<br><blockquote =
type=3D"cite"></blockquote></div><div><br></div><div>Pardon the bad =
cut/paste and google translate, but I believe you get the =
point. </div><div><br></div></body></html>=
--Apple-Mail=_D2AF96F9-B14F-45DE-87F0-49A0C77D8699--
--===============5940767490524634481==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5940767490524634481==--
