----- Original Message ----- > From: "Till Maas" <opensource@xxxxxxxxx> > To: security@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Wednesday, June 4, 2014 9:46:13 AM > Subject: Re: available crypto policies > > On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote: > > > =====LEGACY===== > > systems. It should provide at least 64-bit security and include RC4, but > > not MD5 as signature algorithm. > > > DH params size: 768+ > > RSA params size: 768+ > > > > =====DEFAULT====== > > A reasonable default for today's standards. For F21 it should provide > > 80-bit security and no broken ciphers like RC4. > > > DH params size: 1024+ > > RSA params size: 1024+ > > > =====FUTURE====== > > A level that will provide security on a conservative level that is > > believed to withstand any near-term future attacks. That will be > > an 128-bit security level, without including protocols with known > > > DH params size: 2048+ > > RSA params size: 2048+ > > According to > http://www.keylength.com/en/compare/ > the asymetric sizes do not match the symmetric size according to most > sources listed on http://www.keylength.com/en/compare/. That's old version. New one (https://fedoraproject.org/wiki/Changes/CryptoPolicy) is: Legacy: 767+ default: 1023+ future: 3071+ that matches NIST recommendations for default (80bit) and future level(128bit) -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hkario@xxxxxxxxxx Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
