[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Encryption Key Lengths

To: sage-members@usenix.org
Subject: Encryption Key Lengths
From: Brian Mann <bmann@twow.com>
Date: Wed, 05 Jan 2000 13:10:22 -0800
Sender: owner-sage-members@usenix.ORG

I'm installing a VPN on my network for the first time, and need to make
decisions regarding key lengths. The available range for public key
length was 256 to 1024 bits. Being very paranoid, I selected 1024 bits.
Now I'm being asked for a private key length, with an available range
from 64 to 512 bits. The install program is prompting me with:

"The private key length is used to create the new certificate. If you
are unfamiliar with Diffie-Hellman public key parameters, use the
recommended private key length."

This recommended length is 256 bits. My question - is there some sort of
optimal ratio of public to private key lengths? Or is a longer key more
secure, regardless? I know that longer keys take exponentially longer to
generate, but that's a one-time situation. The actual encryption used
for the VPN is triple DES, which I understand to be 168 bit. So the key
lengths shouldn't have any effect on the user response time?

Sorry to be asking such basic questions. Any insights will be greatly
appreciated.

Brian
-- 
"Daddy? Do all fairy tales begin with 'Once Upon A Time'?"
"No, some begin with 'If elected I promise'."

Follow-Ups:
- Re: Encryption Key Lengths
  - From: Greg Rose <ggr@qualcomm.com>

Prev by Date: Encryption Key Lengths
Next by Date: Re: Backup software; Legato vs. Veritas?
Prev by thread: Re: Encryption Key Lengths
Next by thread: Re: Encryption Key Lengths
Index(es):
- Date
- Thread