Recommended key sizes and lifespans

Bill Frantz frantz at pwpconsult.com
Fri Jun 21 19:19:28 EDT 2002 

I have been reading a draft of, "Key Management Guideline", from NIST
describing key management requirements for non-classified, but confidential
government information.  When complete, it is expected to become a FIPS.
While the guidence in it is subject to change, I found the recommendations
for key sizes and lifetimes interesting.

They define equivalent strength of algorithms in terms of a symetric
algorithm with no known attacks better than brute force.  DES is 56 bits,
Triple DES (with three different keys) (TDES) is 112 bits, AES is 128, 192
or 256 bits.

Secure hashes are defined as having a strength equal to half the bit-length
of their output.  So SHA1 is 80 bits, SHA-256 is 128 bits, etc. for SHA-384
and SHA-512.

Algorithms based on the descrete log problem on integer fields (DSA, Diffie
Hellman, MQV) are based on the size of the modulus and the size of the
private key.  The equivalents are:

modulus  private   symetric
           key    equilavent

 1024      160        80
 2048      224       112
 3072      256       128
 7680      384       192
15360      512       256

RSA is defined in terms of it's modulus size.  The equilavents are the same
as for DSA etc. in the above table.

Algorithms based on the descrete log problem in elliptic curve files
(ECDSA, EC Diffie Hellman etc.) are defined in terms of the base point G of
the curve.  This number is commonly considered to be the key size of the
curve.

curve   symetric
size   equilavent

160        80
224       112
256       128
384       192
512       256


The document then goes on to recommend key sizes for information which must
be protected past certain dates in the future:

   date   symetric
            size

 now-2015    80
2016-2035   112
2036-       128


For E, the weakest part of the system is the 1024 bit Diffie-Hellman key
agreement, the use of SHA1, and the use of DSA-1024.  We should consider
that users of E with long-term data confidentality requirements will need
bigger keys.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/CBDTPA is to      | 16345 Englewood Ave.
frantz at pwpconsult.com | prevent fair use.      | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list