[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Encryption strength: what's "current" ?
How do you say "strong" encryption in a way that will not be
dated as soon as it's published ? Rather than pick arbitrary
key lengths and algorithms that might be "strong" today, I've
simply layed out the problem and left the definition of strength
as an exercize for the reader at the time it needs to be done.
I'm not sure what else I can do other than pick some numbers
and say, "but these are out of date by the time you're reading
this".
Anybody with a good background in encryption (or at least strong
opinions) care to comment/make suggestions ?
I think I've specified "open encryption" pretty well:
x.y.1 Use Encryption Algorithms Subject To Open Review
Requirement. If encryption is used to satisfy the Section 2.1.1
requirements, then the encryption algorithms used MUST be subject
to open review.
Justification. Proprietary encryption algorithms and protocols that
have not been subjected to public/peer review are more likely to
have undiscovered weaknesses or flaws than open standards and
publicly reviewed algorithms.
Examples. For applications requiring symmetric encryption AES or 3DES
satisfy the requirement. For applications requiring asymmetric
encryption RSA and Elliptic Curve satisfy the requirement. For
key exchange Diffie-Hellman meets the requirement. For message
digests MD5 and SHA meet the requirement.
Warnings. Open review is necessary but not sufficient. The strength
of the algorithm and key length must also be considered. For
example, 56-bit DES meets the open review requirement, but is
today considered too weak and is therefore not recommended.
x.y.2 Use Strong Encryption
Requirement. If encryption is used to satisfy the Section 2.1.1
requirements, then the key lengths and algorithms SHOULD be
"strong".
Justification. Short keys and weak algorithms threaten the
confidentiality and integrity of communications.
Examples. This document explicitly does not attempt to make any
authoritative statement about what key lengths and algorithms
constitute "strong" encryption. The reader is encouraged to
consult the literature and to seek advice from trusted third
parties to determine which algorithms and key lengths provide
sufficiently "strong" encryption at any given time to protect data
of a given value.
Warnings. "Strong" is a relative term. Long keys and strong
algorithms are intended to increase the work factor required to
compromise the security of the data protected. Over time, as
processing power increases, the security provided by a given
algorithm and key length will degrade. The definition of "Strong"
must be constantly reevaluated. There may be legal issues
governing the use of encryption and the strength of encryption
used.
Thanks,
---George