----- Original Message -----
From: "Till Maas" <opensource(a)till.name>
To: "Hubert Kario" <hkario(a)redhat.com>
Cc: security(a)lists.fedoraproject.org
Sent: Wednesday, June 4, 2014 4:09:07 PM
Subject: Re: available crypto policies
On Wed, Jun 04, 2014 at 08:47:16AM -0400, Hubert Kario wrote:
> That's old version. New one
> (
https://fedoraproject.org/wiki/Changes/CryptoPolicy)
> is:
> Legacy: 767+
> default: 1023+
> future: 3071+
>
> that matches NIST recommendations for default (80bit) and future
> level(128bit)
But it matches only NIST recommendations,
It also matches ENISA recommendations
there are other sources that
claim that 1024 bit asymmetric is less than 80 bit symmetric. Therefore
instead of "For F21 it should provide 80-bit security" for default it
should say something like "For F21 it should provide 72-bit security" or
whatever is correct.
There is no "correct" way to compare cracking asymmetric with symmetric.
It's apples to oranges. The values (80, 112, 128, etc.) are only ballpark
estimates and used as guidelines.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario(a)redhat.com
Web:
www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic