On Dec 14, 2010, at 10:08 AM, ved...@nym.hush.com wrote:

> Robert J. Hansen rjh at sixdemonbag.org wrote on
> Tue Dec 14 15:47:08 CET 2010 :
> 
>> 
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
> 
> Page 63.
>> 
> 
> Thanks.
> 
> Always wondered about that. The table says:
> 
> AES-256 ... RSA k = 15360
> 
> Does anybody who is careful about using a 256 symmetric cipher 
> actually use a 15k rsa key??

Not many.

Not that there is any *harm* in using a 256-bit symmetric cipher and a 2048-bit 
asymmetric key together.  It just means that, as with many things, including 
those in the physical world (think: heavy metal front door next to a glass 
window), your overall level of security is that of the weakest item.  There is 
no harm (aside from potential interoperability problems) as long as you aren't 
fooling yourself.

There is a weak safety factor argument, too.  If it turns out that (for 
example) AES-256 isn't as strong as expected, it may well be that AES-256 is 
actually a good match to RSA-2048, and you were wise to use it instead of 
AES-128 (which given the same imaginary attack would be weaker than RSA-2048).  
You sort of need a crystal ball to make that argument though...

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
