On 8/1/09 14:22, David Stutzman wrote:
> * D3|\||\|!$
> -----Original Message-----
> Subject: A / V / Text encryption methods
>
> It uses 256-bit encryption in order to actively encrypt the data in
> each Skype call or instant message. Skype uses 1024 bit RSA to
> negotiate symmetric AES keys. User public keys are certified by the
> Skype server at login using 1536 or 2048-bit RSA certificates.
> The key size used for signing here is 1536-2048, which is
> significantly greater than 1024-bit keys that are a global norm.
>
> I wonder why they do this. Isn't one of the things you do when coming up with
> a cryptosystem choosing comparable bits of security with all your keys?

Yes: If you work in smart cards or other low-end hardware related
crypto, generally some attention is given to this. If you work at the
NSA, yes. They have an obsession with this, and it is reflected in
their designs. Their decisions are considered things of beauty.

No: If you work on the Internet, not really (most of the machines are
idle and bored anyway, statistically). If one works in heavily
standardised areas, one is generally stuck using whatever the document
states (e.g., recent MD5-is-to-be-dropped-rsn debate) regardless of
other logic.

The issue is a bit distracting because it reduces to numbers, and people
think this means a bigger number is better. The protocol is far more
important, and the requirements are far more important again.

> A symmetric key of 256 bits is equivalent to an RSA key of 15360 bits according to the
> NIST. Are they just giving a warm and fuzzy "more is better" when in reality
> you just attack the 1024 bit RSA keypair that's negotiating said AES key and probably
> becoming more and more possible each day?

Right, but the choice of 256 bits is likely more a factor of AES being
either 128 OR 256, and nothing sensible in-between. I would speculate
that they chose the larger because of Pareto-complete logic, and then
they ignore the symmetric cipher thereafter. Then, they can vary the
RSA key up and down according to their feelings of security versus
experience.
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
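
The "comparable bits of security" question in this thread, worked through as an added example (not part of the original messages): it estimates the symmetric-equivalent strength of an RSA modulus with the GNFS-cost approximation given in NIST's FIPS 140-2 Implementation Guidance (section 7.5), then reports which component of the quoted Skype description bounds the whole design. The formula lands near, not exactly on, NIST's rounded table values, and all function and variable names are hypothetical.

```python
import math


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus.

    GNFS-cost approximation (FIPS 140-2 IG 7.5); an estimate, not NIST's table.
    """
    x = modulus_bits * math.log(2)
    return (1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69) / math.log(2)


def rsa_bits_for_strength(target_bits: float) -> int:
    """Smallest modulus size (multiple of 8) whose estimate reaches target_bits."""
    lo, hi = 512, 65536  # estimate(lo) < target <= estimate(hi) for sane targets
    while hi - lo > 8:
        mid = (lo + hi) // 2 // 8 * 8
        if rsa_strength_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid
    return hi


def weakest_link(components):
    """Return the (name, strength) pair with the lowest estimated strength."""
    return min(components, key=lambda c: c[1])


# Components as listed in the quoted description of Skype's design.
SKYPE = [
    ("AES-256 session cipher", 256.0),
    ("RSA-1024 key negotiation", rsa_strength_bits(1024)),
    ("RSA-1536 certificate", rsa_strength_bits(1536)),
    ("RSA-2048 certificate", rsa_strength_bits(2048)),
]

if __name__ == "__main__":
    for name, bits in SKYPE:
        print(f"{name:26s} ~{bits:6.1f} bits")
    name, bits = weakest_link(SKYPE)
    print(f"effective strength bounded by {name} (~{bits:.0f} bits)")
    for target in (128, 256):
        print(f"RSA size matching {target}-bit symmetric: "
              f"~{rsa_bits_for_strength(target)} bits")
```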