[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

ianG iang at iang.org
Sun Jan 5 17:53:50 CET 2014

On 5/01/14 18:27 PM, Kurt Roeckx wrote:
> On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
>>> 3DES isn't broken.
>> Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylenghts section). All ciphers that we
>> recomend are at least at 128bit security.
> The document doesn't seem to say that it's trying to reach a 128
> bit security level over the whole chain.  It seems to be happy
> with 2048 bit RSA keys.  They also provide 112 bit security.

As others have mentioned, these aren't quite comparable.  3DES has an 8 
byte block, which gives its own problems.  AES is a stronger more modern 

Key length isn't an exact proxy for security.

Also, the setting of the RSA key is more driven by software capabilities 
and CA's capabilities & compliances with mountains of documents than 
anything else.  Rather chalk & cheese, you can't just wind up the RSA 
key size by setting a param in config, more's the pity.


> If you really want to go for 128 bit, you need to have the RSA
> keys of at least something in the order of 3072 bit.  If 2048
> is fine, 3DES is fine.
> Kurt
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

More information about the Ach mailing list