----- Original Message -----
From: "Till Maas" opensource@till.name To: "Hubert Kario" hkario@redhat.com Cc: security@lists.fedoraproject.org Sent: Wednesday, June 4, 2014 4:09:07 PM Subject: Re: available crypto policies
On Wed, Jun 04, 2014 at 08:47:16AM -0400, Hubert Kario wrote:
That's old version. New one (https://fedoraproject.org/wiki/Changes/CryptoPolicy) is: Legacy: 767+ default: 1023+ future: 3071+
that matches NIST recommendations for default (80bit) and future level(128bit)
But it matches only NIST recommendations,
It also matches ENISA recommendations
there are other sources that claim that 1024 bit asymmetric is less than 80 bit symmetric. Therefore instead of "For F21 it should provide 80-bit security" for default it should say something like "For F21 it should provide 72-bit security" or whatever is correct.
There is no "correct" way to compare cracking asymmetric with symmetric. It's apples to oranges. The values (80, 112, 128, etc.) are only ballpark estimates and used as guidelines.