Re: DH Group Exchange Fallback

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 





On 09/25/2017 01:54 AM, Mark D. Baushke wrote:
With the group18 8192-bit MODP prime, we are getting just under 192-bits
of security... depending on how you calculate it.

(I think I read somewhere that, going to 16384 (2^14) will get us to
approximately 229-bits of security and 32768 (2^15) will get us to
almost 267-bits of security, but I am unable to find the reference right
now.... sigh.)

According to NIST Special Publication 800-57, Part 1, Revision 4, p. 53, (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf), a 7680-bit modulus is estimated to provide 192 bits of security. Hence, a 8192-bit modulus would provide a little over 192.

It also estimates that 256-bits of security is achieved with 15360-bit moduli.

   - Joe
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux