ENISA Recommendation for Crypto processes

Hauke Laging mailinglisten at hauke-laging.de
Sat Nov 16 00:48:45 CET 2013


Am Fr 15.11.2013, 15:40:30 schrieb Juergen Polster:

> For those not reading German the "summary" of the summary report is:
> 
> Symmetric 80 bit keys are accepted for transaction data and existing
> systems to be replaced in the next 5 -10 years. Symmetric keys of 128
> bit are OK for mid-term and 256 bit for long-term use.
> 
> * Cryptographic Primitives *
> Block Cipher -> AES 128, long-term AES 256 bit
> Hash Function -> SHA-256, long-term SHA-512 (Camellia, SHA-3 and
> Whirlpool are discussed)
> Stream Ciphers -> Rabbit + Snow 3G (RC4 to be removed)
> 
> * Public Keys*
> Elliptic Curve Cryptography is recommended: Transactions -> 160 bit,
> mid-term storage -> 256 bit, long-term storage -> 512 bit
> RSA still can be used, recommendations are: legacy systems only -> key
> size smaller than 3072, mid-term storage -> minimum 3072 (!), long-term
> storage -> 15360 (corresponds to 256 bit key symmetric encryption)

That is a strange paper. The text is not even consistent:

"We have focused on 128 bit security in this document for future use 
recommendations; clearly this offers a good long term security gaurantee. It 
is plausible that a similar recommendation could be made at (say) the 112 bit 
security level (which would correspond to roughly 2048 bit RSA keys). The line 
has to be drawn somewhere and there is general agreement this should be above 
the 100-bit level; whether one selects 112 bits or 128 bits as the correct 
level is a matter of taste. Due to the need to protect long term data we have 
taken the conservative choice and settled on 128 bits; with a higher level for 
very long term use."

"Thus in recommending key sizes we make two distinct cases for schemes 
relevant for future use. The first cases is for security which you want to 
ensure for at least ten years (which we call near term), and secondly for 
security for thirty to fifty years (which we call long term)."

"For near term use we recommend AES-128 and for long term use AES-256."


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/bekannte/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20131116/4576f3b3/attachment.sig>


More information about the Gnupg-users mailing list