Skip to content

TylerBurton.ca

Archive

Category: Computer security

Security tip #2: key lengths

Sep 27
Computer security

In cryptography a key length refers to the digital size of the ‘key’ used to unlock the encryption algorithm. Over time the length of these keys has increased from DES’ modest 64 bit (really 56 bit) key size all the way to the new AES specified key lengths of 128 and 256 bit keys. Each bit increase in in the algorithm doubles the potential number of keys available to use, thus usually making it harder for an adversary to guess the right key.

A common question people come up against is what key size should I use? Luckily I found a website the other day that explores just this. It takes recommendations from the world’s foremost crypto experts and from cryptography conferences to present an estimation of an appropriate key length to use. What’s more they even compare symmetric key lengths, like AES, to asymmetric key lengths, like public key cryptography such as RSA, so you could see just how large of a key size you need to achieve relative security.

For simplicity I have included below the recommendations from various sources released in 2009. All of them are for the highest level of security suggested, so that might be a little overkill for every day use.

Source Symmetric Asymmetric Elliptic Curve Hash
ECRYPT II 256 15424 512 512
NSA Suite B Fact Sheet 256 N/A 384 384
BSI N/A 1976 224 224-512

Note: The asymmetric numbers listed here are to show how large an asymmetric key should be to get equivalent security to a symmetric key. However this is not how most asymmetric keys are used. Instead they are used just to encrypt a symmetric key which does all of the work, the so called hybrid approach, because symmetric algorithms are much, much faster. As such most of these sources also make it a point to mention that an El Gamal or RSA key should actually be about 2048+ bit in size for a decent trade-off.

As you can see even among the experts the numbers vary quite a bit. To me this just proves that no one really knows how much security you need. The best you can do is decide on a decent trade-off between security and performance for your purposes. Nevertheless it is still interesting to see what the experts have to say when it comes to choosing a key length.

2 Comments , , , , , , , Read more

Security tip #1: disable JavaScript in PDF reader

Sep 20
Computer security

I would like to start a series of non-regular posts related to basic computer security. Security and cryptography are two areas of computer science that I have a passion for and, unfortunately, are two areas that most computer users do a truly terrible job at. I will try to make these as straight forward as possible so anyone can follow along!

For the record, the suggestions I will be making in these tips are simply things that I have found to work for me. Whether or not they work for you, or even are appropriate for you, falls completely upon you to decide.

Earlier in the year Adobe’s Acrobat Reader fell under attack do to a flaw in the way it processes JavaScript inside of PDFs. This was especially shocking to me because I had no idea you could even embed JavaScript inside of a PDF. Thankfully this has since been patched, however scripting is one of those things that seems to attract continuous attacks. Therefore I am going to walk you through how to turn off JavaScript inside of your favourite PDF reader, so long as your favourite PDF reader is either Acrobat Reader or Foxit Reader :P


Note: I understand that JavaScript can be useful for many things, for example as a PDF form auto-competition mechanism. That being said I have never needed this feature and since disabling it many months ago I have never had to enable it for a single PDF. While your circumstances may vary from mine, I still do not see any harm in disabling this feature and then only selectively enabling it when and if you ever need it.

Adobe Acrobat Reader

  1. Open Acrobat Reader
  2. Open the Preferences window. To do this click Edit > Preferences
  3. Click JavaScript on the left
    acrobat_js1
  4. Uncheck “Enable Acrobat JavaScript”
    acrobat_js2
  5. Click OK
  6. You’re done!

Foxit Reader

  1. Open Foxit Reader
  2. Open the Preferences window. To do this click Tools > Preferences
  3. Click JavaScript on the left
    foxit_reader_js1
  4. Uncheck “Enable JavaScript Actions”
    foxit_reader_js2
  5. Click OK
  6. You’re done!
Leave a Comment , , , , Read more
TylerBurton.ca
Copyright © 2012 TylerBurton.ca Design by SRS Solutions top