[Cryptography] RSA equivalent key length/strength

John Gilmore gnu at toad.com
Fri Sep 27 03:59:15 EDT 2013

> And the problem appears to be compounded by dofus legacy implementations
> that don't support PFS greater than 1024 bits. This comes from a
> misunderstanding that DH keysizes only need to be half the RSA length.
> So to go above 1024 bits PFS we have to either
> 1) Wait for all the servers to upgrade (i.e. never do it because the won't
> upgrade)
> 2) Introduce a new cipher suite ID for 'yes we really do PFS at 2048 bits
> or above'.

Can the client recover and do something useful when the server has a
buggy (key length limited) implementation?  If so, a new cipher suite
ID is not needed, and both clients and servers can upgrade asynchronously,
getting better protection when both sides of a given connection are
running the new code.

In the case of (2) I hope you mean "yes we really do PFS with an
unlimited number of bits".  1025, 2048, as well as 16000 bits should work.


More information about the cryptography mailing list