Re: ssl connections to postgresql

From: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>
To: "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: ssl connections to postgresql
Date: 2007-07-27 15:54:17
Message-ID: 200707271557.l6RFvnYD095352@smtp2.jaring.my
Lists: pgsql-general

At 09:26 PM 7/26/2007, James B. Byrne wrote:

>Is there a way to use a key larger than 256 bits and is there any reason
>why this would not be useful in practice? Our standard key sizes here
>seem to be either 1024 or 2048.

Hi,

There's a difference between a symmetric key, and a public key. 256
bit is decent for shared key, and too small for public key crypto.

For symmetric (shared) key encryption, if 256 bit keys are not big
enough it usually means the encryption is broken and you should be
switching to something else ASAP.

For public key encryption, you get sizes like 1024, 2048 or even
4096. The reason why these keys are bigger is because of the sort of
math involved, e.g. for RSA the difficulty of cracking is related to
the difficulty of finding the factors of large numbers. You do need
quite large numbers to make things hard. Whereas cracking decent
shared key crypto is more like trying all the combinations so it
should be harder per bit, e.g. on average it should take you 2^255
tries to crack a 256 bit key.

The advantage of public key encryption is you can freely give out the
public key, you just need to keep the private key secret. Whatever the
public key encrypts, the private key can decrypt. Whatever the
private key encrypts (signs) the public key can decrypt (verify).
Whereas for shared key encryption, both sides need the same key.

Public key crypto is quite slow, so it is usually used to transfer
the smaller symmetric (shared) keys (which should be random and
changing). Then the shared keys are used to encrypt the connections.

You could probably refer to Wikipedia or Google for more details.

Regards,
Link.
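
The "harder per bit" comparison in the message above, as an added example that is not part of the original post: it factors a constructed 60-bit modulus with Pollard's rho while counting steps, then estimates factoring cost for 1024, 2048 and 4096-bit moduli with the standard heuristic running-time formula for the general number field sieve. The primes, the function names and the decision to ignore the formula's o(1) term are assumptions of this example.

```python
import math

def avg_bruteforce_tries_log2(key_bits):
    """log2 of the average tries to find a k-bit symmetric key: 2^(k-1)."""
    return key_bits - 1

def gnfs_work_log2(modulus_bits):
    """log2 of the heuristic GNFS factoring cost
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)); o(1) term ignored
    (an assumption), so treat the result as a rough estimate only."""
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)

def pollard_rho(n, c=1):
    """Find a nontrivial factor of composite n; returns (factor, steps)."""
    steps = 0
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n            # tortoise: one step
            y = (y * y + c) % n            # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
            steps += 1
        if d != n:
            return d, steps
        c += 1  # cycle closed without splitting n; retry with another constant

# Constructed sample: a 60-bit RSA-style modulus built from two known primes.
P, Q = 998244353, 1000000007
N = P * Q

if __name__ == "__main__":
    factor, steps = pollard_rho(N)
    print(f"{N.bit_length()}-bit modulus: factor {factor} after {steps} steps")
    print(f"{N.bit_length()}-bit symmetric key: about 2^"
          f"{avg_bruteforce_tries_log2(N.bit_length())} tries on average")
    for bits in (1024, 2048, 4096):
        print(f"RSA-{bits}: roughly 2^{gnfs_work_log2(bits):.0f} operations")
    print(f"256-bit symmetric key: 2^{avg_bruteforce_tries_log2(256)} tries")
```

The step count for the 60-bit modulus is many orders of magnitude below the 2^59 average tries a 60-bit symmetric key would need, which is why public key sizes have to be so much larger.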
