best practices
David Shaw
dshaw at jabberwocky.com
Tue Dec 14 19:23:43 CET 2010
On Dec 14, 2010, at 10:08 AM, vedaal at nym.hush.com wrote:
> Robert J. Hansen rjh at sixdemonbag.org wrote on
> Tue Dec 14 15:47:08 CET 2010 :
>
>>
> http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-
> revised2_Mar08-2007.pdf
>
> Page 63.
>>
>
> Thanks.
>
> Always wondered about that. The table says:
>
> AES-256 ... RSA k = 15360
>
> Does anybody who is careful about using a 256 symmetric cipher
> actually use a 15k rsa key??
Not many.
Not that there is any *harm* in using a 256-bit symmetric cipher and a 2048-bit asymmetric key together. It just means that, as with many things, including those in the physical world (think: heavy metal front door next to a glass window), your overall level of security is that of the weakest item. There is no harm (aside from potential interoperability problems) as long as you aren't fooling yourself.
There is a weak safety factor argument, too. If it turns out that (for example) AES-256 isn't as strong as expected, it may well be that AES-256 is actually a good match to RSA-2048, and you were wise to use it instead of AES-128 (which given the same imaginary attack would be weaker than RSA-2048). You sort of need a crystal ball to make that argument though...
David
More information about the Gnupg-users
mailing list