[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
ianG
iang at iang.org
Sun Jan 5 17:53:50 CET 2014
On 5/01/14 18:27 PM, Kurt Roeckx wrote:
> On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
>>
>>> 3DES isn't broken.
>> Triple DES provides about 112bit security (We've a section on the topic in the Paper in the Keylenghts section). All ciphers that we
>> recomend are at least at 128bit security.
>
> The document doesn't seem to say that it's trying to reach a 128
> bit security level over the whole chain. It seems to be happy
> with 2048 bit RSA keys. They also provide 112 bit security.
As others have mentioned, these aren't quite comparable. 3DES has an 8
byte block, which gives its own problems. AES is a stronger more modern
algorithm.
Key length isn't an exact proxy for security.
Also, the setting of the RSA key is more driven by software capabilities
and CA's capabilities & compliances with mountains of documents than
anything else. Rather chalk & cheese, you can't just wind up the RSA
key size by setting a param in config, more's the pity.
iang
> If you really want to go for 128 bit, you need to have the RSA
> keys of at least something in the order of 3072 bit. If 2048
> is fine, 3DES is fine.
>
>
> Kurt
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
More information about the Ach
mailing list