> Message: 4
> Date: Sun, 29 Mar 2015 14:12:01 +0200
> From: Steffan Karger <stef...@karger.me>
> Subject: Re: [Openvpn-users] What size DH parameters for AES256?
> To: openvpn-users@lists.sourceforge.net
> Message-ID: <5517ec11.1080...@karger.me>
> Content-Type: text/plain; charset=windows-1252
>
> On 28-03-15 20:05, jack seth wrote:
> > I think I read somewhere that keys should be around 15K bit to match the
> > security of AES256. Do DH parameters need to be just as large?
> > Easy-RSA makes the keys and DH parameters the same bit size.
>
> That was probably NIST SP 800-57, section 6.5.1 [1], which states
> 15360-bit DH or RSA has the same security level as AES256. Both finite
> field problems (such as DH) and integer factorization (such as RSA) are
> placed in the same league. So yes, to achieve an equal security level,
> you should choose your DH group the same size as your RSA modulus.
>
> On a practical note though, AES256 gives reasonable performance, but 15K
> RSA/DH is _very_ slow. If you don't care about the time it takes to set
> up a connection (and generate DH group parameters) that is not a
> problem, but for most real-world setups the performance hit is not
> reasonable.
>
> Also note that the reason to use AES256 is not that a 128-bits search
> space is not enough, but because if powerful quantum computers ever
> become reality, one can use Grover's algorithm [2] to reduce the search
> space to 128 bit. But, if powerful quantum computers do became reality,
> both RSA and DH are completely broken [3]. Which makes it from my point
> of view very reasonable to choose a security level similar to AES-128
> for your DH parameters or RSA modulus.
>
> -Steffan
>
> [1]
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
>
> [2] https://en.wikipedia.org/wiki/Grover%27s_algorithm
>
> [3] http://arxiv.org/abs/quant-ph/9508027
What about when you use elliptic curve keys? These keys are much smaller but
should you still use DH parameters that match the RSA key size?
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
