The Future of Encryption

[Anonymous Writer 2]

The National Institute for Standards and Technology (NIST) suggested in 2005 that the RSA 1024-bit key size will be secure till 2010. However, it appears that this estimate has been wrong, as recent research indicates that RSA 1024 will be applicable till at least 2014—possibly even 2015. Consequently, RSA 1024-bit is still unbreakable (at least as far as we know), though there is some chatter that the National Security Agency may be able to break it. Regardless of the specifics, RSA 1024 is becoming obsolete, with RSA 2048 becoming the de facto standard in asymmetric encryption.

RSA 2048 is not breakable for the present. Many Internet anonymizers utilize 2048-bit to secure the 256-bit symmetric encryption. However, there may be a problem with this. But it is important to first clarify a common misunderstanding.

According to NIST, the RSA 1024-bit is equivalent to the 80-bit symmetric key size. RSA 2048-bit is equivalent to the 112-bit symmetric key size. A 3072-bit key is equivalent to the 128-bit key size.

http://www.sovereignpress.org/elliptic-curve-cryptography/

According to the National Security Agency (NSA), it takes a 3072-bit key to protect a 128-bit symmetric key.

Most Internet anonymizers use key sizes ranging from 1024-bit to 2048-bit. Only one—as far as this author is cognizant of—uses RSA 4096, which is probably equal to about 150-bit symmetric encryption.

Nevertheless, serious questions remain that must be addressed by all serious Internet anonymizers:

1) Should there be a 1:1 ratio of asymmetric and symmetric encryption?

2) Should Elliptic Curve Cryptography replace RSA sooner or later?

In regard to the first question, in order to properly protect the symmetric key size 256-bit, a 15360-bit key is recommended for a 1:1 ratio. However, such a massive number is extremely problematic for a variety of reasons. Therefore, would it be more applicable to utilize a 3072-bit key to protect a 128-bit key size?

In regard to the second question, should Internet anonymizers consider making a switch sometime in the future to Elliptic Curve Cryptography? There appears little motion toward this, even by GnuPG.

Elliptic Curve Cryptography offers considerable more security per bit than RSA. Indeed, the ECC equivalent of the 256-bit symmetric key size is 521 bit! Compare that to 15360 for RSA!

Indeed, ECC 521-bit is almost half the size of the RSA 1024-bit key but more than three times secure per bit.

In addition to the benefits of more security per bit, ECC is considerably more difficult to break than RSA, since it is not based on factoring, as the RSA standard.

Elliptic Curve Cryptography appears to be the future of asymmetric encryption, despite some licensing issues, and serious endeavors should be made to that end.

[gabri0 0]

http://www-03.ibm.com/press/us/en/pressrelease/36901.wss

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

[Staff 9773]

@Anonymous Writer

Hello!

Thank you for your considerations.

We follow closely OpenVPN evolution in available ciphers. ECC is currently not available in stable releases.

On the other hand, as you stated RSA-2048 is unbreakable, and we still have the option to evolve certificates toward RSA-4096 for authentication purposes, while standing on AES-256 for the data channel as we do now.

Therefore, it might be a mistake to rush toward ECC with a patch. In the best scenario, it would not add significant security in the authentication during these years. In the worst scenario, it may lead to a catastrophe. The wisest choice in our opinion is waiting for ECC full suppport in official OpenVPN releases (2.3, hopefully?), which will allow independent peer-reviews, essential for security.

You might like to read this thread:

https://forums.openvpn.net/topic8404-45.html

Kind regards

[Anonymous Writer 2]

@Anonymous Writer

Hello!

Thank you for your considerations.

We follow closely OpenVPN evolution in available ciphers. ECC is currently not available in stable releases.

On the other hand, as you stated RSA-2048 is unbreakable, and we still have the option to evolve certificates toward RSA-4096 for authentication purposes, while standing on AES-256 for the data channel as we do now.

Therefore, it might be a mistake to rush toward ECC with a patch. In the best scenario, it would not add significant security in the authentication during these years. In the worst scenario, it may lead to a catastrophe. The wisest choice in our opinion is waiting for ECC full suppport in official OpenVPN releases (2.3, hopefully?), which will allow independent peer-reviews, essential for security.

You might like to read this thread:

https://forums.openvpn.net/topic8404-45.html

Kind regards

1024-bit is not breakable; 2048 is perhaps a decade or so from being broken. Perhaps the principal advantage of RSA is that it has been studied endlessly by academics. Not so with ECC. But ECC is the future.

I do not think RSA 4096 is necessary for an anonymization service because it will slow down the system, it still doesn't give a 1:1 ratio, and 2048-bit is years from being broken.

I really would not consider making any changes to the present setup unless OpenVPN updates to ECC or you decide to implement a 1:1 ratio, which is virtually impossible with RSA.