On Sun, Mar 29, 2015 at 14:12:01 +0200, Steffan Karger wrote:
> That was probably NIST SP 800-57, section 6.5.1 [1], which states
> 15360-bit DH or RSA has the same security level as AES256. Both finite
> field problems (such as DH) and integer factorization (such as RSA) are
> placed in the same league. So yes, to achieve an equal security level,
> you should choose your DH group the same size as your RSA modulus.
[...]>
> both RSA and DH are completely broken [3]. Which makes it from my point
> of view very reasonable to choose a security level similar to AES-128
> for your DH parameters or RSA modulus.
On a related topic:
I am running a small OpenVPN network that's been in place for a while
now. At some point we'll probably upgrade to a new VPN server and start
over with a new PKI infrastructure, but in the short term I was looking
for simple changes to make the existing setup more secure.
Given the web-industry move to 2048 SSL certificates these days it seems
an obvious change to switch our newly issued client certificates to
using 2048-bit keys instead of the previous 1024-bit size.
As Jack mentioned the EasyRSA setup is to use same DH parameter size as
the RSA key size -- which raises the question of what to do with DH
parameter when one is using different-sized RSA keys...
I did general web research but didn't come across any discussions that
directly covered my situation, so I was wondering:
* Am I correct that the DH and RSA operations are separate and the bit
size used for one doesn't affect the work of other? That is, the
idea behind having the DH and RSA sizes be the same is simply that
doing so means the two "links in the chain" are about the same
strength and thus neither one is an obviously-easier target for
attack?
* Assuming that's true, is there any reason I can't/shouldn't make
things a little stronger by switching to a 2048-bit dh param file on
my server (for use with both existing 1024-bit and future 2048-bit RSA
client certificates)?
Thanks.
Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
