On Sun, 26 Nov 2000, Derek D. Martin wrote:
>> Ummm, I believe conventional wisdom says that with modern algorithms,
>> session encryption keys longer then 100 bits or so is just a waste of
>> resources. In fact, I just checked, and the FreeS/WAN website makes
>> reference to this.
>
> I don't think that statement is true... GPG recommends a key length
> of 1024 bits ...
Those are authentication keys, which have vastly different properties than
session keys.
PPK (public/private key) systems typically work by generating a unique,
random, symmetric session key, and then encrypting *that* key with your
asymmetric keypair. The session key is completely random and has a much
shorter usage time then the authentication keypair. Thus, a shorter key can
be safely used.
Why not just use the asymmetric algorithm for everything? Because
asymmetric algorithms are significantly more resource intensive. This
technique gives you all the benefits of a PPK system at the resource cost of a
shared-secret system.
(Disclaimer: This is what I have read in books and papers on the subject.
I have never actually has to work with any of these algorithms directly. So
I could be full of it. :-)
> Of course, the encryption mechanism itself may make the key size
> irrelevant.
Or because the vendor has deliberately sabotaged said algorithm. :-)
--
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18 Fax: (978)499-7839
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
