Hacker News new | ask | show | jobs
by schoen 4118 days ago
TLS uses several algorithms, almost always both asymmetric and symmetric algorithms, in every session. For example, my current connection to HN is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. And that does mean that our underlying session key is 128 bits, independent of the size of HN's public key (which turns out to be 2048 bits).

There is a possible argument that a 128-bit AES key and a 2048-bit RSA key are mismatched, but a 1024-bit RSA key is clearly known to be dangerous now, while the same is not at all true for a 128-bit AES key.
1 comments
marcosdumay 4118 days ago
Symmetric encryption does not have the concept of a "private key". A 128 bits private key in TLS can only vary from almost useless (if it's some ECC algorithm) to completely useless (in case it's RSA).

Too bad (but understandable) that the article does not give any detail. About a decade ago, 128 bits RSA keys were widely used (but not recommended anymore), I wouldn't be surprised to discover a bank didn't change their security procedures since then.

link
some_furry 4117 days ago
> Symmetric encryption does not have the concept of a "private key".

In the early days of public key cryptography, the NSA referred to it as "non-private key cryptography".

Even today, people often refer to symmetric vs asymmetric and private vs public interchangeably. (Yes, it can cause confusion and you will probably never see professional cryptographers like Bernstein, Green, Lange, Schwabe, Schneier, or Wilcox-O'hearn refer to it that way.)

https://en.wikipedia.org/wiki/Symmetric-key_algorithm#cite_n...

The author had multiple errors; it isn't beyond the limits of intellectual generosity to assume they meant symmetric key instead of private key.

> A 128 bits private key in TLS can only vary from almost useless (if it's some ECC algorithm) to completely useless (in case it's RSA).

128 bit EdDSA would have about the same security as a 64 bit block cipher, which we would consider broken. So I'm in full agreement there.

128 bit RSA? Totally useless.

128 bit AES? Not a concern. Usually you look at the padding, block mode, and authentication instead.

link