On Wed, 2014-06-04 at 08:47 -0400, Hubert Kario wrote:
> ----- Original Message -----
> > From: "Till Maas" <opensource@xxxxxxxxx>
> > To: security@xxxxxxxxxxxxxxxxxxxxxxx
> > Sent: Wednesday, June 4, 2014 9:46:13 AM
> > Subject: Re: available crypto policies
> >
> > On Thu, Mar 27, 2014 at 12:13:33PM +0100, Nikos Mavrogiannopoulos wrote:
> >
> > > =====LEGACY=====
> > > systems. It should provide at least 64-bit security and include RC4, but
> > > not MD5 as signature algorithm.
> >
> > > DH params size: 768+
> > > RSA params size: 768+
> >
> >
> > > =====DEFAULT======
> > > A reasonable default for today's standards. For F21 it should provide
> > > 80-bit security and no broken ciphers like RC4.
> >
> > > DH params size: 1024+
> > > RSA params size: 1024+
> >
> > > =====FUTURE======
> > > A level that will provide security on a conservative level that is
> > > believed to withstand any near-term future attacks. That will be
> > > an 128-bit security level, without including protocols with known
> >
> > > DH params size: 2048+
> > > RSA params size: 2048+
> >
> > According to
> > http://www.keylength.com/en/compare/
> > the asymmetric sizes do not match the symmetric size according to most
> > sources listed on http://www.keylength.com/en/compare/.
>
> That's old version. New one (https://fedoraproject.org/wiki/Changes/CryptoPolicy)
> is:
> Legacy: 767+
> default: 1023+

shouldn't this be 2047+ ?

> future: 3071+
>
> that matches NIST recommendations for default (80bit) and future level (128bit)

--
Simo Sorce * Red Hat, Inc * New York
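
Added example (not part of the original thread): a Python check of the DH/RSA minimum sizes quoted above against the security levels the policy text names (64, 80 and 128 bits). The strength estimate is the number-field-sieve formula from NIST FIPS 140-2 Implementation Guidance section 7.5, which is an assumption brought in here and is not cited in the thread; all function and dictionary names are illustrative.

```python
import math

def nfs_strength_bits(modulus_bits: int) -> float:
    """Symmetric-equivalent strength of an RSA/DH modulus, estimated with the
    GNFS cost formula from FIPS 140-2 IG 7.5 (assumption, not from the thread)."""
    x = modulus_bits * math.log(2)
    return (1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69) / math.log(2)

# Target levels as stated in the quoted policy text.
TARGET = {"legacy": 64, "default": 80, "future": 128}

# Minimum DH/RSA sizes quoted in the thread: the original proposal and the
# revised values from the wiki page.
OLD_MINIMUMS = {"legacy": 768, "default": 1024, "future": 2048}
NEW_MINIMUMS = {"legacy": 767, "default": 1023, "future": 3071}

def check_policy(minimums: dict) -> dict:
    """Return {level: (estimated_bits, meets_target)} for each policy level."""
    report = {}
    for level, size in minimums.items():
        estimate = round(nfs_strength_bits(size))
        report[level] = (estimate, estimate >= TARGET[level])
    return report

def min_modulus_bits(target_bits: int, step: int = 256) -> int:
    """Smallest multiple of `step` whose rounded estimate reaches target_bits."""
    size = step
    while round(nfs_strength_bits(size)) < target_bits:
        size += step
    return size

if __name__ == "__main__":
    for name, minimums in (("old", OLD_MINIMUMS), ("new", NEW_MINIMUMS)):
        for level, (bits, ok) in check_policy(minimums).items():
            verdict = "ok" if ok else "below target"
            print(f"{name:3} {level:8} {minimums[level]:5}+ -> ~{bits} bits ({verdict})")
    for target in (80, 112, 128):
        print(f"{target}-bit level needs about {min_modulus_bits(target)}-bit moduli")
```

The formula is an estimate; NIST SP 800-57 tabulates 2048-bit moduli as 112 bits and 3072-bit moduli as 128 bits, so the computed values differ slightly from that table.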