On Wed, 2014-06-04 at 08:47 -0400, Hubert Kario wrote:
----- Original Message -----
> From: "Till Maas" <opensource(a)till.name>
> To: security(a)lists.fedoraproject.org
> Sent: Wednesday, June 4, 2014 9:46:13 AM
> Subject: Re: available crypto policies
>
> On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote:
>
> > =====LEGACY=====
> > systems. It should provide at least 64-bit security and include RC4, but
> > not MD5 as signature algorithm.
>
> > DH params size: 768+
> > RSA params size: 768+
>
>
> > =====DEFAULT======
> > A reasonable default for today's standards. For F21 it should provide
> > 80-bit security and no broken ciphers like RC4.
>
> > DH params size: 1024+
> > RSA params size: 1024+
>
> > =====FUTURE======
> > A level that will provide security on a conservative level that is
> > believed to withstand any near-term future attacks. That will be
> > an 128-bit security level, without including protocols with known
>
> > DH params size: 2048+
> > RSA params size: 2048+
>
> According to
>
http://www.keylength.com/en/compare/
> the asymetric sizes do not match the symmetric size according to most
> sources listed on
http://www.keylength.com/en/compare/.
That's old version. New one (
https://fedoraproject.org/wiki/Changes/CryptoPolicy)
is:
Legacy: 767+
default: 1023+
shouldn't this be 2047+ ?
future: 3071+
that matches NIST recommendations for default (80bit) and future level(128bit)
--
Simo Sorce * Red Hat, Inc * New York