Date:      Sat, 21 Jul 2001 16:35:08 -0700 (PDT)
From:      Nick Sayer <nsayer@quack.kfu.com>
To:        <wmoran@iowna.com>
Cc:        <sucho2@quasar.phys.vt.edu>, <freebsd-stable@FreeBSD.ORG>
Subject:   Re: Is FreeBSD more secure than Windows NT or Windows 2000?
Message-ID:  <2439.205.178.90.249.995758508.squirrel@medusa.kfu.com>
In-Reply-To: <3B59E41D.7012246F@iowna.com>
References:  <3B59E41D.7012246F@iowna.com>

> Using RSA algorithms with large
> keys ( >1024 ) is a good way to do this.

Actually, RSA is really bad at that sort of thing.

1. RSA is very slow.

2. RSA requires much, much larger keys than a symmetric cryptosystem.

3. Just how tough it will continue to be to factor large numbers is not 
quite as well known as how tough it will continue to be, say, to brute-
force triple DES.

There is only one possible reason to use RSA -- to facilitate 
communications with someone with whom you have not been introduced (that 
is, with whom you have not shared a symmetric key). That's where the whole 
realm of certificates (with certifying authorities that have well known 
root certs, or in the case of PGP the web of trust) comes into play. But 
even then, such systems typically actually encrypt the plaintext with a 
traditional symmetric cryptosystem using an ephemeral key. The ephemeral key 
is then encrypted with the relatively expensive RSA algorithm.

If you want to encrypt your files, the best thing to do is pick a 
passphrase, run it through a secure hash, like SHA-1, take the first 168 
bits of that and use them for a triple DES key.

Why do the SHA-1 step? Because humans tend to pick passphrases that don't 
use many of the 256 combinations per byte available. Using a hash will 
perturb the choices so that an attacker can't exclude ranges of keys (most 
human pass phrases, for example, don't use bytes outside the range 32-126, 
for example).

But now we're way off topic. :-/
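
Added example, not part of the original message: the passphrase-to-key step described above, in Python, showing how hashing spreads printable passphrase bytes over the whole byte range. It goes beyond the message by including a salted, iterated derivation (PBKDF2, chosen here as an assumption) that can emit the full 168 bits; the sample passphrase, salt, iteration count and function names are constructed for illustration.

```python
import hashlib
import math

# Constructed sample passphrase (not from the original message).
SAMPLE_PASSPHRASE = b"The quick brown fox jumps over the lazy dog"
KEY_BITS = 168  # key size named in the message


def printable_fraction(data: bytes) -> float:
    """Fraction of bytes that fall in the 32-126 range the message mentions."""
    return sum(32 <= b <= 126 for b in data) / len(data)


def sha1_key_material(passphrase: bytes) -> bytes:
    """Hash the passphrase with SHA-1. The digest is 20 bytes (160 bits)."""
    return hashlib.sha1(passphrase).digest()


def chars_for_bits(bits: int) -> int:
    """Printable characters needed for 95**n to reach 2**bits possibilities."""
    return math.ceil(bits / math.log2(95))  # 95 byte values in 32..126


def pbkdf2_key_material(passphrase: bytes, salt: bytes,
                        iterations: int = 600_000,  # assumed work factor
                        length: int = KEY_BITS // 8) -> bytes:
    """Assumed alternative: salted, iterated PBKDF2-HMAC-SHA1.

    The salt makes precomputed passphrase tables useless, the iteration
    count slows each guess, and the output can be any requested length.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, length)


if __name__ == "__main__":
    digest = sha1_key_material(SAMPLE_PASSPHRASE)
    print("passphrase bytes in 32-126:", printable_fraction(SAMPLE_PASSPHRASE))
    print("SHA-1 digest bytes in 32-126:", printable_fraction(digest))
    print("SHA-1 digest bits:", len(digest) * 8)
    print("printable chars needed for", KEY_BITS, "bits:",
          chars_for_bits(KEY_BITS))
    salt = b"constructed-salt"  # constructed; use a random per-file salt
    key = pbkdf2_key_material(SAMPLE_PASSPHRASE, salt)
    print("PBKDF2 key bits:", len(key) * 8)
```

The hash changes how the key bytes are distributed, not how many passphrases an attacker has to try, so passphrase length still sets the real search cost.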