about the security of a typical client/server application.

by Kirk81

Hello people,

since all of you seem quite familiar with cryptography and its tools I would like to ask u something.

I'm implementing a server/client application: the client has to collect data and send them to the server in a frame format (unidirectional connection). In any frame, I added a special field for digital signature (I'm not considering a PKI). Actually, I'm using the RSA signature mechanism (hash and sign paradigm) with a RSA-512 bit key and the SHA-256. The reason is that I need some speed and I don't wanna add too many bytes in my frame (with this set-up i'm only adding 64 bytes).
Supposing that I'm sending 1000 messages every day

The frame also presents a time field which represents when the frame was formatted and a sample count field which is repeated any second: this should avoid a replay attack.

The man-in-the-middle attack, the integrity and the non-repudiation mechanism should be countered by the digital signature.

I'm pretty sure that the weakness of all the mechanism is the key-length and I'd like to avoid the brute force attack or the worst birthday attack...so here's my questions.

1. For how many days can I use a 512-bit key? Should I worry first about the factorization problem or the fact that my adversary can recover the key from the messages I sent? Can someone explain them with any numerical examples?

2. Are there other attacks (or troubles) I should consider?

Thanks in advance,

Kirk
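
The server-side freshness check that the time and sample-count fields in the post above make possible, as an added example that is not part of the original thread. The header layout, the 30-second skew window and the in-order delivery requirement are assumptions; signature verification is assumed to have succeeded before `check` is called.

```python
import struct

# Hypothetical frame header (not from the thread): 4-byte Unix time,
# 2-byte sample count that restarts at 0 each second, then the payload.
HEADER = struct.Struct(">IH")
MAX_SKEW = 30  # seconds of clock difference the server tolerates (assumed)


class ReplayGuard:
    """Freshness check, run only AFTER the frame's signature has verified.

    The time and sample-count fields must be inside the signed bytes,
    otherwise they can be rewritten without invalidating the signature.
    """

    def __init__(self):
        self.last = (0, -1)  # highest (time, count) pair accepted so far

    def check(self, frame: bytes, now: int) -> str:
        if len(frame) < HEADER.size:
            return "malformed"
        t, count = HEADER.unpack_from(frame)
        if abs(now - t) > MAX_SKEW:
            return "stale"    # old capture, or a clock that is far off
        if (t, count) <= self.last:
            return "replay"   # already seen, or older than the last frame
        self.last = (t, count)
        return "ok"


def make_frame(t: int, count: int, payload: bytes) -> bytes:
    return HEADER.pack(t, count) + payload


def demo():
    guard = ReplayGuard()
    now = 1257723720  # constructed sample timestamp
    f1 = make_frame(now, 0, b"a")
    f2 = make_frame(now, 1, b"b")
    f3 = make_frame(now + 1, 0, b"c")      # counter restarted, new second
    old = make_frame(now - 3600, 5, b"d")  # hour-old capture
    return [
        guard.check(f1, now),
        guard.check(f2, now),
        guard.check(f1, now),       # same frame delivered a second time
        guard.check(f3, now + 1),
        guard.check(old, now + 1),
        guard.check(b"\x00", now),  # too short to hold a header
    ]
```

The pair is compared as a tuple because the sample count alone repeats every second; the `last` value has to survive a server restart for the check to hold across restarts.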


Re: about the security of a typical client/server application.

by Jeffrey Walton-3

Hi Kirk,

> I'm pretty sure that the weakness of all the mechanism is the key-length and
> I'd like to avoid the brute force attack or the worst birthday attack...so
> here's my questions.
There's no need to find collisions on the hash. The key is the weak
point. Your attacker will factor N, change your message, then sign the
altered message (using SHA-256).

> 1. For how many days can I use a 512-bit key?
0

> RSA-512 bit key and the SHA-256. The reason is that I need some
> speed and I don't wanna add too many bytes in my frame
> (with this set-up i'm only adding 64 bytes).
Try an elliptic curve. It will be about 8-12 times faster than RSA,
with a smaller signature. Since you're using SHA-256, use P-256 or
B-233.

> Supposing that I'm sending 1000 messages every day
:)

Jeff

On Sun, Nov 8, 2009 at 6:42 PM, Kirk81 <rigo_ita@...> wrote:

> [SNIP]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: about the security of a typical client/server application.

by Kirk81


Jeffrey Walton-3 wrote:
>> 1. For how many days can I use a 512-bit key?
> 0

Does a individual hackers have the NASA's PC? lol, I mean I'm looking about the integer factorization problem and, from a SW point of view, I think only a community of PCs can solve the problem in few time (less than one day?!). Am I wrong? Or can u do it with a standard PC? :-/

I'm also getting information about special HW for attacking cryptographic systems. Some papers (focused on the number-field sieve) claim to be able to hack the 512-key in less than 10 minutes, but without an actual implementation.
Is there any real implementation who can show me how much time someone need to factor 512-key? Do you know it? cos i would like to know the currently lifetime (minutes? lol) of the 512-bits key.

Jeffrey Walton-3 wrote:
> Try an elliptic curve. It will be about 8-12 times faster than RSA,
> with a smaller signature. Since you're using SHA-256, use P-256 or
> B-233.
> :)
> Jeff

I've already implemented the ECDSA scheme in my application: using SHA-1 and secp160k1. Yep. I'm pretty faster on the signer's side, but i'm actually much slower on the verification side.

Of course, with ECDSA, the lifetime of my key is quite longer, since HW attacks appear infeasible on secp160k1. So, should i worry about an attack on the SHA-1? or on the # of sent messages?

thanks

Re: about the security of a typical client/server application.

by John R Pierce

Kirk81 wrote:
> Does a individual hackers have the NASA's PC?

assume they can have clusters of 100s/1000s of computers at their
bidding (aka 'botnets' of trojan-infected PC's scattered around the world.)





Re: about the security of a typical client/server application.

by Jeffrey Walton-3

Hi Kirk,

> I've already implemented the ECDSA scheme in my application:
> using SHA-1 and secp160k1.
In that case, consider using ECDSA.

> I'm pretty faster on the signer's side, but i'm actually
> much slower on the verification side.
Compare apples to apples: use an appropriate RSA modulus. Since you've
selected SHA-256, here are the contestants: RSA3072 vs P-256 or B-283.
If you want to test using SHA-1, use RSA1024 vs P-160 or B-163.

> Is there any real implementation who can show me how much
> time someone need to factor 512-key?
See, for example, the RSA challenges (dated) and the prime pages
(http://primes.utm.edu/). UTM seems to keep the pages up to date.
Outside of that, search CiteSeer or ask over at sci.crypt.

> So, should i worry about an attack on the SHA-1?
The security level has been reduced to somewhere around 2^50 (from an
ideal level of 2^80). See McDonald, Hawkes, and Pieprzyk's paper from
Eurocrypt 2009. I also agree with John Pierce's thinking: the threat
model should include either a well funded [agency|government], or a
distributed effort.

> Does a individual hackers have the NASA's PC?...
> I'm also getting information about special HW for attacking
> cryptographic systems.
A more interesting question is, 'How is the attacker plugging his
hardware into NASA's network.' :)

> So, should i worry about an attack ... on the # of sent messages?
I don't believe so. I'd have to go to the HAC, but I believe the
number of messages under a key applies to encipherment and not
signatures.

Also keep in mind that FIPS recommends/requires SHA-2, which means you
can drop to SHA-224 if the 1000 messages per day are placing too much
of a burden on your server.

Jeff

On Mon, Nov 9, 2009 at 10:44 AM, Kirk81 <rigo_ita@...> wrote:


> [SNIP]

Re: about the security of a typical client/server application.

by Kirk81

Jeffrey Walton-3 wrote:
>> I've already implemented the ECDSA scheme in my application:
>> using SHA-1 and secp160k1.
> In that case, consider using ECDSA.

What about RSA with a 704-bits key and the SHA-256?

Jeffrey Walton-3 wrote:
>> Is there any real implementation who can show me how much
>> time someone need to factor 512-key?
> See, for example, the RSA challenges (dated) and the prime pages
> (http://primes.utm.edu/). UTM seems to keep the pages up to date.
> Outside of that, search CiteSeer or ask over at sci.crypt.

Yep, thanks..i'm also looking on wiki the RSA challenge. I also found out recently about a group's success in breaking the signature keys used for several Texas Instruments calculators. (http://www.schneier.com/blog/archives/2009/09/texas_instrumen.html)

Jeffrey Walton-3 wrote:
>> So, should i worry about an attack on the SHA-1?
> The security level has been reduced to somewhere around 2^50 (from an
> ideal level of 2^80). See McDonald, Hawkes, and Pieprzyk's paper from
> Eurocrypt 2009. I also agree with John Pierce's thinking: the threat
> model should include either a well funded [agency|government], or a
> distributed effort.

It is also pointed out in the NIST Special Publication 800-107.

Jeffrey Walton-3 wrote:
>> So, should i worry about an attack ... on the # of sent messages?
> I don't believe so. I'd have to go to the HAC, but I believe the
> number of messages under a key applies to encipherment and not
> signatures.
>
> Also keep in mind that FIPS recommends/requires SHA-2, which means you
> can drop to SHA-224 if the 1000 messages per day are placing too much
> of a burden on your server.

i'm going to implement the ECDSA with SHA-256, (of course with a longer key than secp160k1). and i'm gonna have a look to the performance.

Thanks