On 06-04-15 12:56, jack seth wrote:
> On Sun, 29 Mar 2015 14:12:01, Steffan Karger wrote:
>> On 28-03-15 20:05, jack seth wrote:
>> > I think I read somewhere that keys should be around 15K bit to match the
>> > security of AES256. Do DH parameters need to be just as large?
>> > Easy-RSA makes the keys and DH parameters the same bit size.
>>
>> That was probably NIST SP 800-57, section 6.5.1 [1], which states
>> 15360-bit DH or RSA has the same security level as AES256. Both finite
>> field problems (such as DH) and integer factorization (such as RSA) are
>> placed in the same league. So yes, to achieve an equal security level,
>> you should choose your DH group the same size as your RSA modulus.
>>
>> On a practical note though, AES256 gives reasonable performance, but 15K
>> RSA/DH is _very_ slow. If you don't care about the time it takes to set
>> up a connection (and generate DH group parameters) that is not a
>> problem, but for most real-world setups the performance hit is not
>> reasonable.
>>
>> Also note that the reason to use AES256 is not that a 128-bit search
>> space is not enough, but because if powerful quantum computers ever
>> become reality, one can use Grover's algorithm [2] to reduce the search
>> space to 128 bit. But, if powerful quantum computers do become reality,
>> both RSA and DH are completely broken [3]. Which makes it from my point
>> of view very reasonable to choose a security level similar to AES-128
>> for your DH parameters or RSA modulus.
>>
>> -Steffan
>>
>> [1] http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
>>
>> [2] https://en.wikipedia.org/wiki/Grover%27s_algorithm
>>
>> [3] http://arxiv.org/abs/quant-ph/9508027
>
> What about when you use elliptic curve keys? These keys are much
> smaller but should you still use DH parameters that match the RSA key size?

For future reference: I just rediscovered www.keylength.com, which gives
a beautiful overview of the various key size recommendations:

http://www.keylength.com/en/compare/

-Steffan
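
As an added illustration, not part of the original thread: the comparable-strength figures discussed above (15360-bit RSA/DH against AES256) can be approximated from the general number field sieve running-time estimate given in NIST's FIPS 140-2 Implementation Guidance, and the same levels used to pick a DH modulus for an elliptic-curve key. The function names, the nearest-level rounding and the half-the-curve-size rule for EC keys are assumptions of this sketch.

```python
import math

# Modulus sizes and symmetric levels from the SP 800-57 comparable-strength table.
STANDARD_MODULI = (1024, 2048, 3072, 7680, 15360)
LEVELS = (80, 112, 128, 192, 256)

def ffc_strength(modulus_bits):
    """Estimated strength in bits of an RSA modulus or finite-field DH group,
    from the GNFS running-time estimate."""
    n = modulus_bits * math.log(2)  # natural log of an L-bit modulus
    return (1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69) / math.log(2)

def table_level(strength):
    """Snap an estimate to the nearest symmetric level used in the table."""
    return min(LEVELS, key=lambda level: abs(level - strength))

def dh_bits_for_level(level):
    """Smallest standard DH modulus whose table level reaches `level`."""
    for bits in STANDARD_MODULI:
        if table_level(ffc_strength(bits)) >= level:
            return bits
    raise ValueError(f"no standard modulus reaches {level} bits")

def dh_bits_for_ec(curve_bits):
    """DH modulus comparable to an EC key (assumption: generic attacks on a
    curve cost about 2^(curve_bits / 2) operations)."""
    return dh_bits_for_level(table_level(curve_bits / 2))

if __name__ == "__main__":
    for bits in STANDARD_MODULI:
        est = ffc_strength(bits)
        print(f"RSA/DH {bits:>5}: ~{est:5.1f} bits -> level {table_level(est)}")
    for curve in (256, 384, 521):  # common prime-curve sizes
        print(f"EC {curve}: comparable DH modulus {dh_bits_for_ec(curve)} bits")
```

The estimate lands a few bits either side of the published levels (about 110 for 2048 bits, about 263 for 15360 bits), which is why the sketch snaps to the nearest level rather than comparing raw values.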