Hi Phillip,

> You make it sound like the AES algorithm itself somehow imposes requirements
> on how its key can be protected.

The best I can tell, we said the same thing. The security levels among AES and RSA are equivalent.
Jeff

On Sun, Jul 11, 2010 at 12:29 AM, Phillip Hellewell <ssh...@gmail.com> wrote:
> On Sat, Jul 10, 2010 at 12:13 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>>
>> > The general approach is to encrypt data using a symmetric cipher (e.g.,
>> > AES-256) with a randomly-generated key, and then encrypt that symmetric
>> > key with the RSA (public) key.
>> AES-256 requires a RSA modulus with an equivalent strength, which is a
>> 15360 (IIRC). If you choose RSA-1024 or RSA-2048, you are off by
>> orders of magnitude.
>
> You make it sound like the AES algorithm itself somehow imposes requirements
> on how its key can be protected.
>
> I would say it more like this: "A 256-bit AES key ought to be encrypted with
> an equivalent strength RSA key, 15360-bit, otherwise its resistance to
> attack is reduced to the strength of the RSA key."
>
> Or maybe like this: "If you choose a 2048-bit RSA key to protect the AES
> key, you might as well use AES-128, since AES-256 won't buy you any
> additional strength."
>
> Phillip
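
The sizing argument in the thread above, as an added example that is not part of either poster's message: the strength of a hybrid scheme is the minimum of the AES key size and the comparable strength of the RSA modulus that wraps the key. The table holds the comparable strengths commonly cited from NIST SP 800-57 Part 1 (an assumption here, the thread names only 15360), `gnfs_bits` is the uncalibrated asymptotic GNFS estimate and so reads higher than the table, and all function names are hypothetical.

```python
import math
from typing import Optional

# Comparable strengths commonly cited from NIST SP 800-57 Part 1 (assumed here):
# RSA modulus bits -> symmetric-equivalent security bits.
NIST_RSA_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}


def gnfs_bits(modulus_bits: int) -> float:
    """Asymptotic GNFS work factor for factoring an n-bit modulus, in bits.

    Uses L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, so it is an
    uncalibrated estimate and reads higher than the NIST table.
    """
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def rsa_strength(modulus_bits: int) -> int:
    """Table strength of the largest listed modulus not exceeding this one."""
    sizes = [s for s in NIST_RSA_STRENGTH if s <= modulus_bits]
    return NIST_RSA_STRENGTH[max(sizes)] if sizes else 0


def effective_strength(aes_bits: int, modulus_bits: int) -> int:
    """A wrapped key is only as strong as the weaker of the two layers."""
    return min(aes_bits, rsa_strength(modulus_bits))


def min_modulus_for(aes_bits: int) -> Optional[int]:
    """Smallest listed modulus that does not cap the given AES key size."""
    ok = [s for s, bits in NIST_RSA_STRENGTH.items() if bits >= aes_bits]
    return min(ok) if ok else None


if __name__ == "__main__":
    for aes in (128, 256):
        for rsa in (1024, 2048, 3072, 15360):
            print(f"AES-{aes} wrapped by RSA-{rsa}: "
                  f"{effective_strength(aes, rsa)} bits "
                  f"(GNFS estimate {gnfs_bits(rsa):.0f})")
```
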