[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Encryption strength: what's "current" ?

To: opsec@ops.ietf.org
Subject: Encryption strength: what's "current" ?
From: George Jones <gmj@pobox.com>
Date: Wed, 22 Oct 2003 20:30:55 -0400 (EDT)
Reply-to: gmj@pobox.com

How do you say "strong" encryption in a way that will not be
dated as soon as it's published ?  Rather than pick arbitrary
key lengths and algorithms that might be "strong" today, I've
simply layed out the problem and left the definition of strength
as an exercize for the reader at the time it needs to be done.
I'm not sure what else I can do other than pick some numbers
and say, "but these are out of date by the time you're reading
this".

Anybody with a good background in encryption (or at least strong
opinions) care to comment/make suggestions ?

I think I've specified "open encryption" pretty well:

x.y.1 Use Encryption Algorithms Subject To Open Review

   Requirement. If encryption is used to satisfy the Section 2.1.1
      requirements, then the encryption algorithms used MUST be subject
      to open review.

   Justification. Proprietary encryption algorithms and protocols that
      have not been subjected to public/peer review are more likely to
      have undiscovered weaknesses or flaws than open standards and
      publicly reviewed algorithms.

   Examples. For applications requiring symmetric encryption AES or 3DES
      satisfy the requirement.  For applications requiring asymmetric
      encryption RSA and Elliptic Curve satisfy the requirement.  For
      key exchange Diffie-Hellman meets the requirement.  For message
      digests MD5 and SHA meet the requirement.

   Warnings. Open review is necessary but not sufficient.  The strength
      of the algorithm and key length must also be considered.  For
      example, 56-bit DES meets the open review requirement, but is
      today considered too weak and is therefore not recommended.


x.y.2 Use Strong Encryption

   Requirement. If encryption is used to satisfy the Section 2.1.1
      requirements, then the key lengths and algorithms SHOULD be
      "strong".

   Justification. Short keys and weak algorithms threaten the
      confidentiality and integrity of communications.

   Examples. This document explicitly does not attempt to make any
      authoritative statement about what key lengths and algorithms
      constitute "strong" encryption. The reader is encouraged to
      consult the literature and to seek advice from trusted third
      parties to determine which algorithms and key lengths provide
      sufficiently "strong" encryption at any given time to protect data
      of a given value.

   Warnings. "Strong" is a relative term.  Long keys and strong
      algorithms are intended to increase the work factor required to
      compromise the security of the data protected.  Over time, as
      processing power increases, the security provided by a given
      algorithm and key length will degrade.  The definition of "Strong"
      must be constantly reevaluated. There may be legal issues
      governing the use of encryption and the strength of encryption
      used.



Thanks,
---George

Prev by Date: RE: More BCP: revenge of RS232 and CLIs
Next by Date: [no subject]
Previous by thread: Layer 2 is mostly gone from the BCP
Next by thread: [no subject]
Index(es):
- Date
- Thread