[Cryptography] ratcheting DH strengths over time
Tony Arcieri
bascule at gmail.com
Sun Nov 15 20:56:13 EST 2015
On Sun, Nov 15, 2015 at 4:10 PM, ianG <iang at iang.org> wrote:
> How could we do this in a DH protocol? I would suggest a schedule over
> time. Most or all of our implementations have a timebase available.
> Something like this:
>
> 2015 - 1024
> 2016 - 1280
> 2017 - 1536
> 2018 - 1792
>
There is no reason to use FFDH anymore save for legacy compatibility or a
catastrophic failure of ECC. Use ECDH instead.
Regarding RSA, there is no compelling reason to use RSA key sizes
>2048-bits for the next decade at least:
http://www.keylength.com/
I would put my money on a large quantum computer capable of breaking all
remotely usable key strengths of RSA, FFDH, and ECC being built before
practical non-quantum attacks against 2048-bit RSA are possible.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151115/dd7ea6a0/attachment.html>
More information about the cryptography
mailing list