Updated the digital signatures section for FIPS 186-5 #157
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -4569,9 +4569,9 @@ A widely-used public key algorithm is the RSA algorithm, which *can* be used for | |||
|
|
|||
| RSA key lengths need to be longer than you might expect. An RSA key length of 1024 bits is approximately equivalent to a symmetric key length of 80 bits, which is so small that it is generally considered insecure. An RSA key length of 2048 bits is equivalent to a symmetric key length of 112 bits; a 2048 bit is considered barely acceptable by some (e.g., NIST says that this may be used through 2030, after which it may not be used by the US government). If you are using RSA, you should probably use at least 3,072 bit key in current deployments (this is equivalent to a 128 bit symmetric key). You would need an RSA key of 15,360 bits to get the equivalent of a 256-bit symmetric key. See [NIST’s *Recommendation for Key Management: Part 1 - General*](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf) for more about key equivalent lengths. Unfortunately, RSA is relatively slow, especially as you increase to key lengths necessary for minimum security. For all these reasons, some organizations, such as Trail of Bits, recommend avoiding using RSA in most cases ([*Seriously, stop using RSA*](https://blog.trailofbits.com/2019/07/08/fuck-rsa/), 2019). | |||
|
|
|||
| A whole family of algorithms are called *elliptic curve cryptography*; these are algorithms that are based on complex math involving elliptic curves. These algorithms require far shorter key lengths for equivalent cryptographic strength, and that is a significant advantage. Historically, elliptic curve cryptography involved a minefield of patents, but over the years many of those patents have expired and so elliptic curve cryptography has become more common. A widely-used and respected algorithm for key exchange and digital signatures is Curve25519; a related protocol called ECIES combines Curve25519 key exchange with a symmetric key algorithm (for more details, see [*Seriously, stop using RSA*](https://blog.trailofbits.com/2019/07/08/fuck-rsa/), 2019). | |||
| A whole family of algorithms are called *elliptic curve cryptography*; these are algorithms that are based on complex math involving elliptic curves. These algorithms require far shorter key lengths for equivalent cryptographic strength, and that is a significant advantage. Historically, elliptic curve cryptography involved a minefield of patents, but over the years many of those patents have expired and so elliptic curve cryptography has become more common. A widely-used and respected algorithm for key exchange is X25519 and EdDSA for Digital Signatures; a related protocol called ECIES combines X25519 key exchange with a symmetric key algorithm (for more details, see [*Seriously, stop using RSA*](https://blog.trailofbits.com/2019/07/08/fuck-rsa/), 2019). | |||
There was a problem hiding this comment.
The text here is overly complicated; don't swap order in the middle. Specifically, change:
A widely-used and respected algorithm for key exchange is X25519 and EdDSA for Digital Signatures;
to:
A widely-used and respected elliptic curve algorithm for key exchange is X25519, while for digital signature it's EdDSA.
Also:
a related protocol called ECIES combines Curve25519 key exchange with a symmetric key algorithm
I can't find evidence it has to always be Curve25519. I suggest making it general as follows:
A related protocol called ECIES combines elliptic curve key exchange with a symmetric key algorithm
There was a problem hiding this comment.
Almost. It's still missing "while for digital signature it's EdDSA." But I can fix that separately. Thanks so much for the recommended changes!
|
Thanks for the feedback! Please see my comments. |
added 2 commits
October 10, 2024 15:26
This removes DSA, that is today a legacy algorithm not part of the FIPS 186-5 (DSS) standard. It adds EdDSA and mentions FIPS 186-5 as a google search for DSS brings historic documents not the current standard. Signed-off-by: Nikos Mavrogiannopoulos <[email protected]>
Curve25519 is now being used to identify the curve, whereas the term X25519 identifies ECDH with that curve. Signed-off-by: Nikos Mavrogiannopoulos <[email protected]>
|
Any updates regarding the inclusion of this PR? Removing DSA is essential for a modern cryptographic intro training since it’s no longer recommended by any active standards and SP 800-131Ar3 prohibits it. |
|
Thank you so much, sorry for the delay. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This removes DSA, that is today a legacy algorithm not part of the FIPS 186-5 (DSS) standard. It adds EdDSA and mentions FIPS 186-5 as a google search for DSS brings historic documents not the current standard.