[Cryptography] RSA equivalent key length/strength

Phillip Hallam-Baker hallam at gmail.com
Tue Sep 24 19:58:27 EDT 2013

On Sun, Sep 22, 2013 at 2:00 PM, Stephen Farrell
<stephen.farrell at cs.tcd.ie> wrote:

> On 09/22/2013 01:07 AM, Patrick Pelletier wrote:
> > "1024 bits is enough for anyone"
> That's a mischaracterisation I think. Some folks (incl. me)
> have said that 1024 DHE is arguably better than no PFS and
> if current deployments mean we can't ubiquitously do better,
> then we should recommend that as an option, while at the same
> time recognising that 1024 is relatively short.

And the problem appears to be compounded by doofus legacy implementations
that don't support PFS greater than 1024 bits. This comes from a
misunderstanding that DH key sizes only need to be half the RSA length.

So to go above 1024 bits PFS we have to either

1) Wait for all the servers to upgrade (i.e. never do it because they won't)

2) Introduce a new cipher suite ID for 'yes we really do PFS at 2048 bits
or above'.

I suggest (2).
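The "half the RSA length" misunderstanding is easy to check numerically, because factoring an RSA modulus and taking discrete logs modulo a finite-field DH prime are both attacked with number-field-sieve variants sharing the leading-term cost L[1/3, (64/9)^(1/3)], and NIST SP 800-57 Part 1 accordingly lists the same modulus sizes for both (1024 bits for 80-bit security, 2048 for 112, 3072 for 128). The following is an added example, not code from the post or from any TLS implementation; the function names and the `pfs_weak_link` comparison are my own, and the NFS estimate deliberately drops the o(1) term, so it is a few bits above NIST's calibrated figures and is meant only for comparing sizes against each other.

```python
"""
Security-level estimates for RSA moduli and finite-field DH primes.

Constructed example. Both factoring (GNFS) and finite-field discrete log
(NFS-DL) have leading-term cost L_N[1/3, (64/9)^(1/3)], so one estimator
serves both primitives: the same bit-length gives the same strength, and a
DH prime half the size of the RSA modulus is far weaker, not equivalent.
"""
import math

NFS_C = (64 / 9) ** (1 / 3)  # ~1.923, the NFS constant shared by both attacks

# NIST SP 800-57 Part 1 equivalences: (modulus bits, security bits).
# The same table applies to RSA moduli and to finite-field DH primes.
NIST_EQUIVALENCE = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]


def nfs_cost_bits(modulus_bits: int) -> float:
    """log2 of the leading term of L_N[1/3, NFS_C] for an N of the given size.

    Drops the o(1) term, so it overstates NIST's calibrated values by a few
    bits; use it for relative comparisons between sizes, not absolute claims.
    """
    ln_n = modulus_bits * math.log(2)
    work = NFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def nist_security_bits(modulus_bits: int) -> int:
    """Largest NIST security level whose modulus threshold is met (0 below 1024)."""
    level = 0
    for size, strength in NIST_EQUIVALENCE:
        if modulus_bits >= size:
            level = strength
    return level


def min_modulus_bits_for(target_security_bits: float) -> int:
    """Smallest modulus size whose NFS estimate reaches the target (bisection).

    nfs_cost_bits is monotone increasing for sizes above a few bits, so the
    search starts at 8 to keep log(ln_n) positive.
    """
    lo, hi = 8, 1 << 16
    while lo < hi:
        mid = (lo + hi) // 2
        if nfs_cost_bits(mid) >= target_security_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def pfs_weak_link(rsa_cert_bits: int, dhe_prime_bits: int) -> dict:
    """Compare a certificate's RSA key against the ephemeral DH group used
    for forward secrecy; the handshake is only as strong as the weaker one."""
    cert = nist_security_bits(rsa_cert_bits)
    dhe = nist_security_bits(dhe_prime_bits)
    return {
        "cert_security_bits": cert,
        "dhe_security_bits": dhe,
        "dhe_is_weak_link": dhe < cert,
        "effective_security_bits": min(cert, dhe),
    }


if __name__ == "__main__":
    for bits in (512, 1024, 2048, 3072):
        print(f"{bits:5d}-bit modulus: NFS estimate ~{nfs_cost_bits(bits):.0f} bits,"
              f" NIST level {nist_security_bits(bits)}")
    # The "half the RSA length" rule: a 1024-bit DHE group next to a
    # 2048-bit RSA certificate drags the whole handshake down to 80 bits.
    print(pfs_weak_link(2048, 1024))
    print("modulus bits needed for an 80-bit NFS estimate:", min_modulus_bits_for(80))
```

Run it as a script to see the table; the 512-bit row is the one the "half the RSA length" rule would pair with a 1024-bit certificate, and it lands more than 20 bits below the 1024-bit estimate. `pfs_weak_link` is the check a server operator wants when a 2048-bit certificate is paired with a legacy 1024-bit DHE group: the certificate does not raise the handshake above the 80-bit level.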

