On 17:06 Fri 13 Mar , Marc Kleine-Budde wrote: > On 03/13/2015 04:54 PM, Jean-Christophe PLAGNIOL-VILLARD wrote: > >>> if you can break rsa4096, the chance you can break ECC are high too > >> > >> If you want to open the box, today you would probably not break > >> rsa2048/sha1 (unless you have huge calculation power) but look for > >> implementation weaknesses, like bugs or side channel attacks. > > > > I alredy see it done on rsa1024 few years ago, today rs2048 is supposedly > > secured but as you hw may have to run for 10 years rs2048/sha1 is considered not > > strong enough > > Some thoughts on 2048 vs. 4096: > https://www.yubico.com/2015/02/big-debate-2048-4096-yubicos-stand/ I known about it already read it and work with yubico stuff I disagre on the fact that rsa2048 is good for 15 years, with more and more low cost power efficent SoC build a super calculator will be cheaper and cheaper. I'd give it a go for less than 10 years. It's always the same question what the hardware control. what damage can happend if the software is tampered with. A hw that control security door and co => high rist life issue. Medical stuf ditto. > > While sha1 is considered broken. it's broken and sha256 not yet but in 10 years strongly suspected even in brut force That's why FIPS work on SHA-2 Best Regards, J. _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
