At 4:46 PM -0700 5/29/08, Nelson B Bolyard wrote:
>In http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf
>NIST publishes a table of equivalent crypto algorithm/key strengths.
>
>security  Symmetric    DSA, DH             RSA        ECDSA
>bits      algorithms
>--------  -----------  ------------------  ---------  -------------
>80        2-key 3DES   L = 1024  N = 160   k = 1024   f = 160-223
>112       3-key 3DES   L = 2048  N = 224   k = 2048   f = 224-255
>128       AES-128      L = 3072  N = 256   k = 3072   f = 256-383
>192       AES-192      L = 7680  N = 384   k = 7680   f = 384-511
>256       AES-256      L = 15360 N = 512   k = 15360  f = 512+
>
Yes, I know that. (I co-authored RFC 3766, which helped push NIST to publish the table above.) And it does not answer my question: What does "is cause for concern" mean when the majority of the certificates in our list are 1024 bits? Are we saying "The majority of the certificates that we say you should trust are 'of concern'"? If so, why the heck are we telling people to trust them?

Unless we want to put a lower limit on the key size used in our CA pile, saying that some (most!) of the ones we accept are "of concern" is confusing at best.

--Paul Hoffman

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
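The following is an added worked example written by the editor; it is not code from the thread, from NIST, or from Mozilla's root-program tooling. It encodes the SP 800-57 equivalence table quoted above as a lookup, then reproduces the RSA/DSA/DH column from the general number field sieve run-time estimate (the constant form with 1.923 and 4.69 is the one the editor recalls from NIST's FIPS 140-2 Implementation Guidance 7.5; treat that attribution and the formula as the editor's, not the page's), and finally applies the table to a constructed, hypothetical list of root keys against a configurable minimum strength, which is the "lower limit on the key size" the message mentions. The root names and sizes in SAMPLE_ROOTS are made up for the demonstration.

```python
import math

# SP 800-57 Part 1 table as quoted in the thread, one row per security strength:
# (strength bits, minimum modulus bits L or k, minimum subgroup/field bits N or f).
NIST_LEVELS = [(256, 15360, 512), (192, 7680, 384), (128, 3072, 256),
               (112, 2048, 224), (80, 1024, 160)]


def nist_strength(alg, bits, subgroup_bits=None):
    """Map a public key to its SP 800-57 security strength in bits.

    alg: "RSA", "DSA", "DH" or "ECDSA".
    bits: modulus size (k for RSA, L for DSA/DH) or field size (f for ECDSA).
    subgroup_bits: N for DSA/DH (ignored for RSA and ECDSA).
    Returns None for keys weaker than the table's lowest (80-bit) row.
    """
    alg = alg.upper()
    if alg == "ECDSA":
        for strength, _, f in NIST_LEVELS:
            if bits >= f:
                return strength
        return None
    for strength, modulus, n in NIST_LEVELS:
        if bits >= modulus and (alg == "RSA" or (subgroup_bits or 0) >= n):
            return strength
    return None


def nfs_strength_bits(modulus_bits):
    """Estimate the symmetric-equivalent strength of an n-bit RSA/DSA/DH modulus.

    Based on the general number field sieve cost L_n[1/3, (64/9)^(1/3)], with
    (64/9)^(1/3) ~= 1.923 and an additive calibration of 4.69 (editor's recollection
    of FIPS 140-2 IG 7.5). This is an estimate, not the authoritative table; it
    lands on 80 for 1024 bits and within a few bits of the other rows.
    """
    n = modulus_bits * math.log(2)                       # ln of the modulus
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)                            # log2 of the work factor


def audit(roots, minimum_strength):
    """Classify (name, alg, bits, subgroup_bits) records against a minimum strength.

    Returns a list of (name, strength_or_None, status) tuples.
    """
    report = []
    for name, alg, bits, subgroup in roots:
        strength = nist_strength(alg, bits, subgroup)
        status = "below-minimum" if strength is None or strength < minimum_strength else "ok"
        report.append((name, strength, status))
    return report


# Constructed sample list (hypothetical names and sizes, not a real root store).
SAMPLE_ROOTS = [
    ("Example Root A (hypothetical)", "RSA", 1024, None),
    ("Example Root B (hypothetical)", "RSA", 2048, None),
    ("Example Root C (hypothetical)", "RSA", 4096, None),
    ("Example EC Root (hypothetical)", "ECDSA", 384, None),
    ("Example DSA Root (hypothetical)", "DSA", 1024, 160),
]

if __name__ == "__main__":
    for strength, k, _ in NIST_LEVELS:
        print(f"k = {k:5d}: table {strength:3d} bits, NFS estimate {nfs_strength_bits(k):6.1f}")
    for name, strength, status in audit(SAMPLE_ROOTS, minimum_strength=112):
        print(f"{name:32s} {str(strength):>4s}  {status}")
```

Running the script shows why 1024-bit RSA sits in the 80-bit row and how a chosen floor (112 here) splits a root list into keys that meet it and keys that do not; swapping the floor to 80 accepts every entry in the constructed list. The classification is a plain threshold and deliberately does not decide what "of concern" should mean.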