[Cryptography] ratcheting DH strengths over time
Albert Lunde
atlunde at panix.com
Sun Nov 15 22:29:48 EST 2015
On 11/15/2015 7:56 PM, Tony Arcieri wrote:
> On Sun, Nov 15, 2015 at 4:10 PM, ianG <iang at iang.org
> <mailto:iang at iang.org>> wrote:
>
> How could we do this in a DH protocol? I would suggest a schedule
> over time. Most or all of our implementations have a timebase
> available. Something like this:
>
> 2015 - 1024
> 2016 - 1280
> 2017 - 1536
> 2018 - 1792
This isn't an unreasonable idea; at the same time views of "How
breakable is algorithm X with strength Y" change over time.
The proposal to drop support for SHA1 in signatures 6 months sooner is
this kind of decision; without there being an immediate attack on
practical SHA1 signatures, the perception of risk has altered.
More information about the cryptography
mailing list