Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- SSL question 128bit, 1024,2048 key lengths?
August 19, 2004, 7:10 pm
rate this thread
bit comes in. On one end browsers and certificates are quoted as being
128bit encryption yet when preparing a CSR (certificate signing request) you
specify key sizes ranging anywhere from 512 to 4096. My assumption is that
the larger key would be used for asymetric encryption of the symetric key
using PKE and that the symetric key would be the smaller 128 bit... Am I on
the wrong track here?
Thanks in advance!
- Anne & Lynn Wheeler
August 19, 2004, 5:35 pm
Re: SSL question 128bit, 1024,2048 key lengths?
from a brute force standpoint a symmmetric key can be any of the
possible 2**128 values. a RSA key is a prime number with special
characteristics .... so in a brute force checking all possible values
.... the number or possible prime numbers less than 2**128 is a lot
fewer than 2**128.
because public key encryption is so expensive ... and because there is
process problem exchanging symmetric keys .... a session symmetric key
is generated which is used to encrypt the actual data ... and the
public key is just used to encrypt the symmetric key (for key
supposedly the key size of the symmetric key is basically chosen
proportional to the required security data ... then it is desireable
to have a public keys that has at least as strong security as the
chosen symmetric key (since the public key operations are protecting
the symmetric key ... which protects the actual data).
reference to ietf document (determining strengths for public keys
used for exchanging symmetric keys) that gives numbers of approximate
equivalent security strength
Anne & Lynn Wheeler | http://www.garlic.com/~lynn /
- » Looking for pointers to get started with e-signature
- — Previous thread in » General Computer Security