|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: RFC#14 - openssh keysize
From: Adam (suck
my-balls.com)
Date: Tue Oct 21 2003 - 18:19:22 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Oct 21, 2003 at 02:43:07PM -0700, Eric Bullen wrote:
> > On Tue, Oct 21, 2003 at 12:37:03PM -0700, Eric Bullen wrote:
> >> Your lack of understanding of how keys work discredits you from
> >> suggesting
> >> changes- a 2048 bit key is not twice as difficult to decrypt as a 1024
> >> bit
> >> key (referring to your "double the difficulty" comment), it is 2^1024
> >> times as hard.
> >
> > Speaking of lack of understanding...
> > Its not 2^1024, this isn't symmetric crypto, you don't have to do a brute
> > force search of the entire keyspace for a public/private key pair.
>
> Well, I didn't word it right (thanks, btw) - a 2048 bit key is 2^1024 as
> large as a 1024 bit key (not 2x). On a side note, you don't have to do a
> brute force attack of the entire keyspace of any crypto algorithm- you
> have a 1 in 2^2048 chance of guessing the key on the first time (on a 2048
> bit key), while a 1 in 2^1024 chance of guessing a key on the first try of
> a 1024 bit key. So basically you have a 2^1024 times smaller chance of
> guessing a 2048 bit key as apposed to a 1024 bit key.
No, you are confused. With a symmetric algorithm like AES for instance,
assuming there is no weakness allowing you to reduce your work, you have
to do a brute force search of the entire key space. The odds of you
having to actually make it all the way through the entire keyspace is
incredibly tiny, but you have to just search through the key space
because any possible key is just as likely to be the right one as any
other.
With an asymmetric algorithm like RSA, its not a random key you need to
search for, although you could try all possible keys, its not feasable.
Instead of a brute force attack, you try to factor part of their public
key, to get the 2 secret primes, so that you can calculate their private
key exactly like they did to generate it. The increase in difficulty is
how hard it is to factor a 1024 bit number versus a 2048 bit number, not
the length of time to search a 1024 bit keyspace versus a 2048 bit
keyspace.
Adam
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]