Recommended key sizes and lifespans
Bill Frantz
frantz at pwpconsult.com
Fri Jun 21 19:19:28 EDT 2002
I have been reading a draft of, "Key Management Guideline", from NIST
describing key management requirements for non-classified, but confidential
government information. When complete, it is expected to become a FIPS.
While the guidence in it is subject to change, I found the recommendations
for key sizes and lifetimes interesting.
They define equivalent strength of algorithms in terms of a symetric
algorithm with no known attacks better than brute force. DES is 56 bits,
Triple DES (with three different keys) (TDES) is 112 bits, AES is 128, 192
or 256 bits.
Secure hashes are defined as having a strength equal to half the bit-length
of their output. So SHA1 is 80 bits, SHA-256 is 128 bits, etc. for SHA-384
and SHA-512.
Algorithms based on the descrete log problem on integer fields (DSA, Diffie
Hellman, MQV) are based on the size of the modulus and the size of the
private key. The equivalents are:
modulus private symetric
key equilavent
1024 160 80
2048 224 112
3072 256 128
7680 384 192
15360 512 256
RSA is defined in terms of it's modulus size. The equilavents are the same
as for DSA etc. in the above table.
Algorithms based on the descrete log problem in elliptic curve files
(ECDSA, EC Diffie Hellman etc.) are defined in terms of the base point G of
the curve. This number is commonly considered to be the key size of the
curve.
curve symetric
size equilavent
160 80
224 112
256 128
384 192
512 256
The document then goes on to recommend key sizes for information which must
be protected past certain dates in the future:
date symetric
size
now-2015 80
2016-2035 112
2036- 128
For E, the weakest part of the system is the 1024 bit Diffie-Hellman key
agreement, the use of SHA1, and the use of DSA-1024. We should consider
that users of E with long-term data confidentality requirements will need
bigger keys.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/CBDTPA is to | 16345 Englewood Ave.
frantz at pwpconsult.com | prevent fair use. | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list