From: | Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my> |
---|---|
To: | "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: ssl connections to postgresql |
Date: | 2007-07-27 15:54:17 |
Message-ID: | 200707271557.l6RFvnYD095352@smtp2.jaring.my |
Lists: | pgsql-general |
At 09:26 PM 7/26/2007, James B. Byrne wrote:
>Is there a way to use a key larger than 256 bits and is there any reason
>why this would not be useful in practice? Our standard key sizes here
>seem to be either 1024 or 2048.
Hi,
There's a difference between a symmetric key, and a public key. 256
bits is decent for a shared key, and too small for public key crypto.
For symmetric (shared) key encryption, if 256 bit keys are not big
enough it usually means the encryption is broken and you should be
switching to something else ASAP.
For public key encryption, you get sizes like 1024, 2048 or even
4096. The reason why these keys are bigger is because of the sort of
math involved, e.g. for RSA the difficulty of cracking is related to
the difficulty of finding the factors of large numbers. You do need
quite large numbers to make things hard. Whereas cracking decent
shared key crypto is more like trying all the combinations so it
should be harder per bit, e.g. on average it should take you 2^255
tries to crack a 256 bit key.
The advantage of public key encryption is you can freely give out the
public key, you just need to keep the private key secret. Whatever the
public key encrypts, the private key can decrypt. Whatever the
private key encrypts (signs) the public key can decrypt (verify).
Whereas for shared key encryption, both sides need the same key.
Public key crypto is quite slow, so it is usually used to transfer
the smaller symmetric (shared) keys (which should be random and
changing). Then the shared keys are used to encrypt the connections.
You could probably refer to wikipedia or google for more details.
Regards,
Link.