[147311] in cryptography@c2.net mail archive


Re: [Cryptography] RSA equivalent key length/strength

daemon@ATHENA.MIT.EDU (John Gilmore)
Sat Sep 28 12:42:41 2013

X-Original-To: cryptography@metzdowd.com
To: Phillip Hallam-Baker <hallam@gmail.com>
In-reply-to: <CAMm+LwizpPs4TeN89GvqFiu1TD5LaS=OE4xL0uHy4EQ2Qr9tUg@mail.gmail.com>
Date: Fri, 27 Sep 2013 00:59:15 -0700
From: John Gilmore <gnu@toad.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

> And the problem appears to be compounded by dofus legacy implementations
> that don't support PFS greater than 1024 bits. This comes from a
> misunderstanding that DH keysizes only need to be half the RSA length.
> 
> So to go above 1024 bits PFS we have to either
> 
> 1) Wait for all the servers to upgrade (i.e. never do it because they won't
> upgrade)
> 
> 2) Introduce a new cipher suite ID for 'yes we really do PFS at 2048 bits
> or above'.

Can the client recover and do something useful when the server has a
buggy (key length limited) implementation?  If so, a new cipher suite
ID is not needed, and both clients and servers can upgrade asynchronously,
getting better protection when both sides of a given connection are
running the new code.

In the case of (2) I hope you mean "yes we really do PFS with an
unlimited number of bits".  1025, 2048, as well as 16000 bits should work.

	John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
