At 09:26 PM 7/26/2007, James B. Byrne wrote:

Is there a way to use a key larger than 256 bits and is there any reason
why this would not be useful in practice?  Our standard key sizes here
seem to be either 1024 or 2048.


There's a difference between a symmetric key, and a public key. 256 bit is decent for shared key, and too small for public key crypto.

For symmetric (shared) key encryption, if 256 bit keys are not big enough it usually means the encryption is broken and you should be switching to something else ASAP.

For public key encryption, you get sizes like 1024, 2048 or even 4096. The reason why these keys are bigger is because of the sort of math involved, e.g. for RSA the difficulty of cracking is related to the difficulty of finding the factors of large numbers. You do need quite large numbers to make things hard. Whereas cracking decent shared key crypto is more like trying all the combinations so it should be harder per bit, e.g. on average it should take you 2^255 tries to crack a 256 bit key.

The advantage of public key encryption is you can freely give out the public key; you just need to keep the private key secret. Whatever the public key encrypts, the private key can decrypt. Whatever the private key encrypts (signs), the public key can decrypt (verify). Whereas for shared key encryption, both sides need the same key.

Public key crypto is quite slow, so it is usually used to transfer the smaller symmetric (shared) keys (which should be random and changing). Then the shared keys are used to encrypt the connections.

You could probably refer to Wikipedia or Google for more details.
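The per-bit difference described in the reply can be put in numbers. The following is an added example, not part of the original message: it compares the average exhaustive-search cost for a symmetric key with a heuristic factoring cost for an RSA modulus. The choice of the general number field sieve (GNFS) estimate with its o(1) term dropped, and all function names, are assumptions introduced here.

```python
import math

# Constant of the general number field sieve (GNFS) running-time estimate.
# Assumption of this example: the reply does not name a factoring algorithm.
GNFS_C = (64 / 9) ** (1 / 3)


def symmetric_avg_tries_log2(key_bits):
    """log2 of the average number of guesses in an exhaustive key search."""
    # On average half of the 2**key_bits keyspace is searched: 2**(key_bits - 1).
    return key_bits - 1


def rsa_factoring_work_log2(modulus_bits):
    """log2 of the heuristic GNFS cost to factor a modulus of this size.

    Uses exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) with the o(1) term dropped,
    so the result is a rough comparison, not a precise security level.
    """
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def rsa_bits_for_strength(target_bits, step=64):
    """Smallest modulus size (a multiple of step) whose estimate reaches target_bits."""
    bits = step
    while rsa_factoring_work_log2(bits) < target_bits:
        bits += step
    return bits


if __name__ == "__main__":
    print("256-bit symmetric key: about 2^%d tries on average"
          % symmetric_avg_tries_log2(256))
    for size in (256, 1024, 2048, 4096):
        print("RSA %4d-bit modulus: about 2^%.1f operations to factor"
              % (size, rsa_factoring_work_log2(size)))
    print("Modulus size for ~128-bit strength by this estimate:",
          rsa_bits_for_strength(128))
```

By this estimate a 256-bit RSA modulus costs far less to factor than a 256-bit symmetric key costs to search, which is why the public key sizes in the question are so much larger.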

