Am Fr 15.11.2013, 15:40:30 schrieb Juergen Polster: > For those not reading German the "summary" of the summary report is: > > Symmetric 80 bit keys are accepted for transaction data and existing > systems to be replaced in the next 5 -10 years. Symmetric keys of 128 > bit are OK for mid-term and 256 bit for long-term use. > > * Cryptographic Primitives * > Block Cipher -> AES 128, long-term AES 256 bit > Hash Function -> SHA-256, long-term SHA-512 (Camellia, SHA-3 and > Whirlpool are discussed) > Stream Ciphers -> Rabbit + Snow 3G (RC4 to be removed) > > * Public Keys* > Elliptic Curve Cryptography is recommended: Transactions -> 160 bit, > mid-term storage -> 256 bit, long-term storage -> 512 bit > RSA still can be used, recommendations are: legacy systems only -> key > size smaller than 3072, mid-term storage -> minimum 3072 (!), long-term > storage -> 15360 (corresponds to 256 bit key symmetric encryption)
That is a strange paper. The text is not even consistent: "We have focused on 128 bit security in this document for future use recommendations; clearly this offers a good long term security gaurantee. It is plausible that a similar recommendation could be made at (say) the 112 bit security level (which would correspond to roughly 2048 bit RSA keys). The line has to be drawn somewhere and there is general agreement this should be above the 100-bit level; whether one selects 112 bits or 128 bits as the correct level is a matter of taste. Due to the need to protect long term data we have taken the conservative choice and settled on 128 bits; with a higher level for very long term use." "Thus in recommending key sizes we make two distinct cases for schemes relevant for future use. The first cases is for security which you want to ensure for at least ten years (which we call near term), and secondly for security for thirty to fifty years (which we call long term)." "For near term use we recommend AES-128 and for long term use AES-256." Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/ OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users