On 28-03-15 20:05, jack seth wrote: > I think I read somewhere that keys should be around 15K bit to match the > security of AES256. Do DH parameters need to be just as large? > Easy-RSA makes the keys and DH parameters the same bit size.
That was probably NIST SP 800-57, section 6.5.1 [1], which states 15360-bit DH or RSA has the same security level as AES256. Both finite field problems (such as DH) and integer factorization (such as RSA) are placed in the same league. So yes, to achieve an equal security level, you should choose your DH group the same size as your RSA modulus. On a practical note though, AES256 gives reasonable performance, but 15K RSA/DH is _very_ slow. If you don't care about the time it takes to set up a connection (and generate DH group parameters) that is not a problem, but for most real-world setups the performance hit is not reasonable. Also note that the reason to use AES256 is not that a 128-bits search space is not enough, but because if powerful quantum computers ever become reality, one can use Grover's algorithm [2] to reduce the search space to 128 bit. But, if powerful quantum computers do became reality, both RSA and DH are completely broken [3]. Which makes it from my point of view very reasonable to choose a security level similar to AES-128 for your DH parameters or RSA modulus. -Steffan [1] http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf [2] https://en.wikipedia.org/wiki/Grover%27s_algorithm [3] http://arxiv.org/abs/quant-ph/9508027 ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
