#2
hi,

i have to use RSA within .net 2.0 and i have to use a 256 bit key length. RSACryptoServiceProvider requires a min. length of 384 bit.

my current solution-ideas are:

s1.) use the RSACryptoServiceProvider and bypass the min. length with reflection or some similar hack.
s2.) use a third party lib for .net (like the lib from http://www.certicom.com/, any others?)
s3.) use a lib written for another language (probably c) -> make a dll and call that dll from .net, or try to port the c code to managed c++

the solution should be reliable, fast (but no need for super-performance) and ideally easy to implement (therefore i believe s2 seems most reasonable).

thanks for any kind of hint,
pingram
#3
You are misunderstanding how RSA encryption works. RSA is only used to encrypt a symmetric session key. Your requirement for a 256 bit key probably refers to the symmetric session key. A 256 bit RSA key makes no sense, as you should be using an RSA key that is at least 1024 bits.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
#4
joe,

thanks for your input. basically i agree that a 256 bit key for encryption doesn't make much sense. unfortunately the key length really has to be 256 bit - i'd be happy to change this specification but that's not an option (btw: in this case we use rsa for digital signature (not encryption) and chances of a collision actually are quite low).

any hints welcome!

br,
pingram.
#5
I don't think you understood what I said. When you are doing RSA encryption, that is generally ALWAYS combined with an additional symmetric encryption algorithm like 3DES or AES. RSA is just used for encrypting the symmetric session key. The bulk encryption of data is done with the symmetric algorithm and key. This is how protocols like SSL and S/MIME email encryption work.

A 256 bit session key makes perfect sense if you are using AES/Rijndael, so that's probably what the spec is suggesting. If they are really saying the RSA key needs to be 256 bit, then the spec itself doesn't understand how crypto works and needs to go back to the author.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
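
The hybrid scheme described in the post above, as an added C# example that is not code from any poster in this thread: the data is encrypted under a fresh 256-bit Rijndael/AES session key, and only that key is encrypted with RSA. The class and method names, the sample message and the 2048-bit RSA key size are this example's assumptions; the crypto types are the .NET 2.0 ones the thread is about.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridDemo
{
    // 256-bit key with a 128-bit block: Rijndael in its AES configuration.
    static RijndaelManaged NewCipher()
    {
        RijndaelManaged c = new RijndaelManaged();
        c.KeySize = 256; c.BlockSize = 128;
        c.Mode = CipherMode.CBC; c.Padding = PaddingMode.PKCS7;
        return c;
    }

    // Bulk data goes under a fresh session key; only that key goes under RSA.
    static void Seal(RSACryptoServiceProvider rsa, byte[] plain,
                     out byte[] wrappedKey, out byte[] iv, out byte[] cipher)
    {
        using (RijndaelManaged aes = NewCipher())
        {
            aes.GenerateKey(); aes.GenerateIV();
            iv = aes.IV;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            wrappedKey = rsa.Encrypt(aes.Key, true);   // true = OAEP padding
        }
    }

    static byte[] Open(RSACryptoServiceProvider rsa, byte[] wrappedKey, byte[] iv, byte[] cipher)
    {
        using (RijndaelManaged aes = NewCipher())
        {
            aes.Key = rsa.Decrypt(wrappedKey, true); aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(cipher, 0, cipher.Length);
        }
    }

    static void Main()
    {
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048)) // size is this example's choice
        {
            byte[] wrappedKey, iv, cipher;
            byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");
            Seal(rsa, msg, out wrappedKey, out iv, out cipher);
            Console.WriteLine(Encoding.UTF8.GetString(Open(rsa, wrappedKey, iv, cipher)));
        }
    }
}
```

CBC here gives confidentiality only; a message format built on this also needs an integrity check over the IV and ciphertext.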
#6
On Mar 12, 11:34 am, w... (AT) pdi (DOT) at wrote:
> joe, yes, symmetric encryption will be done with 3DES; nevertheless the 256 bit RSA key length is mandatory and changing this spec is not possible! br, pingram.

Do you know that it takes 20 seconds to factor a 256 bit integer on a low end tablet? And when I tried that on a 4-way 64 bit server box it took less than a second for that. Even One Laptop Per Child will factor it in one minute.

What could be the reason to have a private key that everyone can find from your public key in less than a minute? Unless you are mistaken and you are really talking about some other keys (i.e. not RSA but for ex. ECC or AES)

-Valery
http://www.harper.no/valery
#7
joe,

yes, symmetric encryption will be done with 3DES; nevertheless the 256 bit RSA key length is mandatory and changing this spec is not possible!

br,
pingram.
#8
finally - valery jumps in

I was missing you Dude!

-----
Dominick Baier (http://www.leastprivilege.com)

#9
On Mar 12, 12:27 pm, Dominick Baier <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote:
> finally - valery jumps in
> I was missing you Dude!

Thanks Dominick!

-Valery
http://www.harper.no/valery
#10
joe,

yes, symmetric encryption will be done with 3DES; nevertheless the 256 bit RSA key length is mandatory and changing this spec is not possible!

br,
pingram.