----- Original Message ----- > From: "Till Maas" <opensource@xxxxxxxxx> > To: "Hubert Kario" <hkario@xxxxxxxxxx> > Cc: security@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Wednesday, June 4, 2014 4:09:07 PM > Subject: Re: available crypto policies > > On Wed, Jun 04, 2014 at 08:47:16AM -0400, Hubert Kario wrote: > > > That's old version. New one > > (https://fedoraproject.org/wiki/Changes/CryptoPolicy) > > is: > > Legacy: 767+ > > default: 1023+ > > future: 3071+ > > > > that matches NIST recommendations for default (80bit) and future > > level(128bit) > > But it matches only NIST recommendations, It also matches ENISA recommendations > there are other sources that > claim that 1024 bit asymmetric is less than 80 bit symmetric. Therefore > instead of "For F21 it should provide 80-bit security" for default it > should say something like "For F21 it should provide 72-bit security" or > whatever is correct. There is no "correct" way to compare cracking asymmetric with symmetric. It's apples to oranges. The values (80, 112, 128, etc.) are only ballpark estimates and used as guidelines. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hkario@xxxxxxxxxx Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
