About factoring 1024-bits, https://hal.inria.fr/hal-01376934/file/paper.pdf shows that a special 1024-bit p was factored in 2 months. Also it explains that it is possible to factor some primes used on the internet today. Going to 1024 gives a false sense of security. Endorsing it in a standard to be used for some years down the road makes me uncomfortable. 256-bit ECDSA or EdDSA are more sufficient with good performance compared to RSA1024.
-----Original Message----- From: Derek Atkins [mailto:de...@ihtfp.com] Sent: Thursday, February 09, 2017 10:55 AM To: Eliot Lear <l...@cisco.com> Cc: Panos Kampanakis (pkampana) <pkamp...@cisco.com>; Michael StJohns <mstjo...@comcast.net>; ace@ietf.org Subject: Re: [Ace] Asymmetric signature performance On Thu, February 9, 2017 10:49 am, Eliot Lear wrote: > > > On 2/9/17 4:45 PM, Derek Atkins wrote: >> Hi, >> >> "Panos Kampanakis (pkampana)" <pkamp...@cisco.com> writes: >> >>> I am not saying symmetric keys are better than public key auth. >>> I am saying that applying an 80-bit security level (RSA/DSA1024) >>> today offers a false sense of security. You might as well not >>> authenticate the messages. >> I disagree. I think in many cases an 80-bit asymmetric signature is >> better than a 128 (or even 256-bit) group-symmetric scheme, precisely >> because with the symmetric scheme you only need to acquire the group >> key from one node, which means you can attack ANY node, whereas with >> the asymmetric scheme you MUST attack the signing node (which can >> have better defenses). > > It can, Derek, but it might not. Think light switch or doorbell button. Sure, but it's still a single point of attack versus attacking *any member of the group*. I.e., you have to direct the attack at the signing entity, which, as we seem to agree, *could* have better/stronger protections than the *weakest* member of the group. This isn't perfect, but it's still IMHO a step in the right direction. "The Perfect is the enemy of the Good Enough" > Eliot -derek -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
