TylerBurton.ca

I have been meaning to write up a short post about this for a while, but thanks to the start of a new school term I have been a bit busy.

If you have seen the security news in the last month or so you will know that RSA-768, a 768bit or 232 decimal digit asymmetric key, has been broken (factored). This has important security repercussions for all of us because it is these public key algorithms like RSA, or ElGamal, that guard our online transactions, and e-mail conversations.

So just how much should we be worrying about this newest ‘break’?

When it comes to public key cryptography it is important to remember that their security is essentially in our inability to factor them quickly. The only real way that public key cryptography could be considered broken is if we find a way to drastically increase our ability to factor massive prime numbers. Thankfully that time is still far away. In fact after digging into the news articles a little more it quickly became obvious that the feat of factoring a 768bit key, while incredibly difficult, was inevitable.

So what now?

Nothing. Currently the most popular asymmetric key size in use is 1024bit, which represents a work load increase of over 1000 times when compared to RSA-768. Still afraid? Check out the list of RSA challenges that have been issued over the years and just how few have actually be ‘broken’.

In choosing my current PGP/GPG public key I decided to go with a 2048bit one, which, according to all accounts, will be safe for years to come. As always, I recommend checking out this site for the most up to date key length recommendations from the world’s foremost cryptography experts.

There you have it

With the knowledge that you’re online transactions are still perfectly safe you have nothing to worry about.

For reference, the currently recommended key lengths for asymmetric encryption algorithms, like RSA, are 1976bit (BSI recommendation for use after 2016), 2048bit (NSA recommendation for current and future use), and 2432 (ECRYPT II recommendation for protection until at least 2030).

Well GPG to be more accurate

As my existing key was set to expire at the end of this year I have issued myself a brand new one! After much though I finally decided that creating a new key from scratch was the best idea, rather than simply adding a new subkey, because I wanted to move away from DSA/ElGamal toward RSA primarily because of the weakening of SHA1. If this all sounds like gibberish to you then don’t worry, the details aren’t nearly as important as the security provided by my new key.

If you’d like to make use of my new key please head over to the About Me section where you will find it!

Well its almost time for me to create a new PGP key. My current key for tyler at tylerburton dot ca is set to expire at the end of the year and I am trying to determine what the best way to migrate to a new key is. Some people suggest simply adding a new encryption sub key and then changing the original signing key’s expiry date so that individuals wishing to verify your signatures can continue to do so uninterrupted. Unfortunately my current key is an ElGamal/DSS based one and, after the recent increased attacks on SHA1, I would really prefer to move to an RSA based key.

Alas I think I’m going to have to just create a new key and sign it with the current one. If anyone has any better alternatives please let me know!

In cryptography a key length refers to the digital size of the ‘key’ used to unlock the encryption algorithm. Over time the length of these keys has increased from DES’ modest 64 bit (really 56 bit) key size all the way to the new AES specified key lengths of 128 and 256 bit keys. Each bit increase in in the algorithm doubles the potential number of keys available to use, thus usually making it harder for an adversary to guess the right key.

A common question people come up against is what key size should I use? Luckily I found a website the other day that explores just this. It takes recommendations from the world’s foremost crypto experts and from cryptography conferences to present an estimation of an appropriate key length to use. What’s more they even compare symmetric key lengths, like AES, to asymmetric key lengths, like public key cryptography such as RSA, so you could see just how large of a key size you need to achieve relative security.

For simplicity I have included below the recommendations from various sources released in 2009. All of them are for the highest level of security suggested, so that might be a little overkill for every day use.

Note: The asymmetric numbers listed here are to show how large an asymmetric key should be to get equivalent security to a symmetric key. However this is not how most asymmetric keys are used. Instead they are used just to encrypt a symmetric key which does all of the work, the so called hybrid approach, because symmetric algorithms are much, much faster. As such most of these sources also make it a point to mention that an El Gamal or RSA key should actually be about 2048+ bit in size for a decent trade-off.

As you can see even among the experts the numbers vary quite a bit. To me this just proves that no one really knows how much security you need. The best you can do is decide on a decent trade-off between security and performance for your purposes. Nevertheless it is still interesting to see what the experts have to say when it comes to choosing a key length.