On Thu, Jan 2, 2014 at 6:13 PM, Christopher Meng <cickumqt@xxxxxxxxx> wrote:
> I'm willing to change, being a maintainer of dropbear.
>
> But I don't know whether the standard is encouraged only in the EU or USA; also, can
> an expert's opinion represent all requirements?

Look at the table on top of page 22 of the ENISA report: it relates sizes of RSA keys and symmetric (e.g. AES) keys.

Where opinions differ is 1) the strength comparisons (contents of the table), and 2) how much cryptographic strength is needed for a particular application. The consensus for 1) is fairly strong (based on published attacks). 2) is obviously somewhat "political", and a matter of opinion.

1) is sufficient to argue that a larger RSA key would improve the security of dropbear: if it is using AES-128, it is still getting only around "80 bits of security" with the smaller RSA key. OTOH, 2) is still an issue - you need to decide whether the longer connection time is acceptable in the '"embedded"-type Linux systems' the package description mentions.

Mirek

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
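The RSA-vs-symmetric comparison Mirek points at can be reproduced rather than read off a table. The script below is an added example, not code from the thread, dropbear or ENISA: it uses the standard GNFS cost heuristic L_n[1/3, (64/9)^(1/3)] and, as an assumption, calibrates it so that a 1024-bit modulus maps to the 80-bit figure the key-size tables give; it then shows why AES-128 with such a key still yields only about 80 bits, and which modulus size the heuristic needs to match AES-128.

```python
import math

# Heuristic cost of factoring an n-bit RSA modulus with the general number
# field sieve, L_n[1/3, (64/9)^(1/3)], as log2 of the operation count.
# Constant factors of the algorithm are ignored, so the raw value is only
# meaningful relative to a reference point (see rsa_security_bits).
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits: int) -> float:
    ln_n = modulus_bits * math.log(2)
    work = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


# Assumption: calibrate the heuristic so that a 1024-bit modulus corresponds
# to 80 bits of security, the figure the published key-size tables use.
ANCHOR_MODULUS_BITS, ANCHOR_SECURITY_BITS = 1024, 80


def rsa_security_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus of this size."""
    offset = gnfs_work_bits(ANCHOR_MODULUS_BITS) - ANCHOR_SECURITY_BITS
    return gnfs_work_bits(modulus_bits) - offset


def effective_security_bits(rsa_modulus_bits: int, symmetric_bits: int) -> float:
    """A session is only as strong as its weakest part: the RSA key or the
    bulk cipher (e.g. AES-128)."""
    return min(rsa_security_bits(rsa_modulus_bits), float(symmetric_bits))


def min_rsa_bits_for(symmetric_bits: int, step: int = 256, limit: int = 16384) -> int:
    """Smallest modulus size (a multiple of `step`) whose estimated strength
    is at least that of the given symmetric key size."""
    modulus = step
    while modulus <= limit:
        if rsa_security_bits(modulus) >= symmetric_bits:
            return modulus
        modulus += step
    raise ValueError(f"no modulus up to {limit} bits reaches {symmetric_bits} bits")


if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096):
        print(f"RSA-{bits}: ~{rsa_security_bits(bits):.0f} bits")
    print(f"RSA-1024 with AES-128: {effective_security_bits(1024, 128):.0f} bits")
    print(f"smallest modulus matching AES-128: {min_rsa_bits_for(128, step=1024)} bits")
```

The estimates for 2048 and 3072 bits land near the tables' 112 and 128, which is what makes the argument in 1) hold regardless of how 2) is decided.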