Multiple encryption subkeys

Johan Wevers
Wed Apr 30 02:06:02 2003

Adrian 'Dagurashibanipal' von Bidder wrote:

>I guess the idea is not bad. However, you'd have to match the strength of
>the public key encryption to the strength of the underlying block cipher - I
>don't have data on this, but I when you use a 128bit block cipher with a
>2048 public key, the block cipher is much easier to break, so with going to
>4096bit public key you don't gain anything.

Not really. You need to know that symmetric-key ciphers are usually much
stronger than public-key ciphers with the same keylength. A 128 bit RSA
or DH key can be brute-forced easily. Elliptic curves seem to do better
with short keylengths but they are at this moment much less studied than
RSA or DH.

128 bit symmetric is roughly comparable to a 2048 bit RSA or DH key.

ir. J.C.A. Wevers         //  Physics and science fiction site:   //
PGP/GPG public keys at