RFC 3766 Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
Anne & Lynn Wheeler
lynn at garlic.com
Thu Apr 29 17:18:18 EDT 2004
also summary entry at
http://www.garlic.com/~lynn/rfcidx12.htm#3766
clicking on ".txt=nnn" field in the summary retrieves the actual RFC
BCP 86
RFC 3766
Title: Determining Strengths For Public Keys Used
For Exchanging Symmetric Keys
Author(s): H. Orman, P. Hoffman
Status: Best Current Practice
Date: April 2004
Mailbox: hilarie at purplestreak.com, paul.hoffman at vpnc.org
Pages: 23
Characters: 55939
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-orman-public-key-lengths-08.txt
URL: ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt
Implementors of systems that use public key cryptography to exchange
symmetric keys need to make the public keys resistant to some
predetermined level of attack. That level of attack resistance is the
strength of the system, and the symmetric keys that are exchanged must
be at least as strong as the system strength requirements. The three
quantities, system strength, symmetric key strength, and public key
strength, must be consistently matched for any network protocol usage.
While it is fairly easy to express the system strength requirements in
terms of a symmetric key length and to choose a cipher that has a key
length equal to or exceeding that requirement, it is harder to choose
a public key that has a cryptographic strength meeting a symmetric key
strength requirement. This document explains how to determine the
length of an asymmetric key as a function of a symmetric key strength
requirement. Some rules of thumb for estimating equivalent resistance
to large-scale attacks on various algorithms are given. The document
also addresses how changing the sizes of the underlying large integers
(moduli, group sizes, exponents, and so on) changes the time to use
the algorithms for key exchange.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list