Re: [TLS] Comparative cipher suite strengths

Paul Hoffman <paul.hoffman@vpnc.org> Thu, 23 April 2009 17:59 UTC

To: Daniel Brown <dbrown@certicom.com>, Eric Rescorla <ekr@networkresonance.com>
Cc: "'tls@ietf.org'" <tls@ietf.org>

At 1:13 PM -0400 4/23/09, Daniel Brown wrote:
>Table 4 provides a list of algorithm security lifetimes,

That's your interpretation. NIST labels the table "Recommended algorithms and minimum key sizes", and precedes it with "Table 4 provides recommendations that may be used to select an appropriate suite of algorithms and key sizes for Federal Government unclassified applications." If you want to ignore that and call it "a list of algorithm security lifetimes", that's fine, but maybe don't attribute that interpretation to NIST without further backup.
>
>which I liberally interpret as saying 2^80 computations may be feasible for a concerted adversary in 2010, and perhaps 2^112 operations may be feasible by 2030.

See above.

>... but perhaps NIST was ... or perhaps NIST was ... or perhaps NIST is ...

Another possibility is to take NIST's words as what they intended to say.


--Paul Hoffman, Director
--VPN Consortium