Kryptografie/Schlüssellängen: Difference between revisions
Revision as of 1 January 2023, 16:33
AES256 and AES128
- I would never consider using AES256, just like I don't wear a helmet when I sit inside my car.
- It's too much bother for the epsilon improvement in security.
Recommendations on keylengths need to be adapted regularly
- Since this document is static and does not consider itself to be authoritative on keylengths, we would rather refer to existing publications and websites.
- Recommending a safe key length is a hit-and-miss issue.
Furthermore, when choosing an encryption algorithm and key length, the designer/sysadmin always needs to consider the value of the information and how long it must be protected.
- In other words: consider the number of years the data needs to stay confidential.
The ECRYPT II publication gives a fascinating overview of strengths of symmetric keys in chapter 5 and chapter 7.
- Summarizing ECRYPT II, we recommend 128 bits of key strength for symmetric keys.
- In ECRYPT II, this is considered safe for security level 7, long term protection.
In the same ECRYPT II publication you can find a practical comparison of key size equivalence between symmetric key sizes and RSA, discrete log (DLOG) and EC keylengths.
- ECRYPT II arrives at the interesting conclusion that for an equivalence of 128 bit symmetric size, you will need to use a 3248 bit RSA key (II & SYM, 2012).
There are a couple of other studies comparing keylengths and their respective strengths.
- The website https://www.keylength.com/ compares these papers and offers a good overview of approximations for key lengths based on recommendations by different standardization bodies and academic publications.
- The figure below shows a typical comparison of keylengths on this web site.
[Figure: Screenshot for 128 bit symmetric key size equivalents]
Summary
- Asymmetric public-key cryptography: we consider any key length below 3248 bits to be deprecated at the time of this writing (for long term protection).
- For elliptic curve cryptography: we consider key lengths below 256 bits to be inadequate for long term protection.
- For symmetric algorithms: we consider anything below 128 bits to be inadequate for long term protection.
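The following Python sketch is an added example, not part of the original wiki page. It relates the summary thresholds to the symmetric/RSA/EC equivalence discussed above and audits a key inventory against them. Assumptions: the RSA estimate uses the number field sieve running time with a 14 bit calibration offset, chosen here because it reproduces the 3248 bit / 128 bit pair quoted above; EC strength is taken as half the curve size; all function names and the sample inventory are constructed for illustration.

```python
import math

# Minimum key sizes in bits, taken from the summary above (long term protection).
MINIMUM_BITS = {"rsa": 3248, "ec": 256, "symmetric": 128}

def rsa_symmetric_equivalent(modulus_bits):
    """Estimate the symmetric strength (bits) of an RSA modulus.

    Assumption: number field sieve cost L[1/3, (64/9)^(1/3)] expressed
    in bits, minus a 14 bit calibration offset.
    """
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work * math.log2(math.e) - 14

def ec_symmetric_equivalent(curve_bits):
    """Assumption: generic square-root attacks halve the curve size."""
    return curve_bits / 2

def strength_bits(kind, bits):
    """Approximate symmetric-equivalent strength for a key of the given kind."""
    if kind == "rsa":
        return rsa_symmetric_equivalent(bits)
    if kind == "ec":
        return ec_symmetric_equivalent(bits)
    return bits  # symmetric keys: strength equals key length

def audit(keys):
    """Return (name, kind, bits, approx_strength) for keys below the minimums."""
    findings = []
    for name, kind, bits in keys:
        if bits < MINIMUM_BITS[kind]:
            findings.append((name, kind, bits, round(strength_bits(kind, bits))))
    return findings

# Constructed sample inventory (hypothetical names and sizes).
SAMPLE_KEYS = [
    ("tls-leaf", "rsa", 2048),
    ("ca-root", "rsa", 4096),
    ("ssh-host", "ec", 256),
    ("legacy-vpn", "symmetric", 112),
    ("backup", "symmetric", 128),
    ("old-signing", "ec", 224),
]

if __name__ == "__main__":
    for name, kind, bits, strength in audit(SAMPLE_KEYS):
        print(f"{name}: {kind} {bits} bits, about {strength} bit strength,"
              f" below the minimum of {MINIMUM_BITS[kind]}")
```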