Re: [Fed-Talk] File Vault and AES128
- Subject: Re: [Fed-Talk] File Vault and AES128
- From: Joshua Krage <email@hidden>
- Date: Thu, 30 Jun 2005 16:07:47 -0400
- Mail-followup-to: Fedtalk List <email@hidden>
On Thu, Jun 30, 2005 at 01:08:33PM -0500, Michael Pike wrote:
> I just wanted a bottom line answer (if you can):
> Is AES128 secure enough for the NSA and CIA? Or do they use
> something else?

By Federal definition, yes. Within a relatively narrow scope for those
specific Agencies. NIST defines and approves AES in FIPS197. Ergo any US
Government entity can use AES to protect most unclassified material.

For classified use, each Agency can have more specific requirements for the
use and type of material under protection. Since there are some legal
liabilities if you fail to protect the information appropriately, it is
truly in your best interest to engage the organization's classified
materials staff.

Earlier you referenced 128 bits vs. 2048 bits. Those key lengths are from
two different encryption types: symmetric and asymmetric. Symmetric keys
are encrypted and decrypted with the same key.

Asymmetric keys are split, with a public and private key. Encryption occurs
between source private key and the destination public key. The functional
requirements for asymmetric encryption require a much larger key space to be
used.

HOWEVER: Every algorithm is different, and key size is not a truly effective
way to measure its level of protection. Especially with elliptical crypto.

For more exhaustive information on key length:
<http://en.wikipedia.org/wiki/Key_size>

Some interesting points in the article:
- In 2003 1024-bit RSA (asymmetric key) equivalent in strength to 80-bit
  symmetric keys
- NIST is considering 15360-bit RSA keys equivalent to 256-bit symmetric
  keys

--
------------------------------------------------------------------------
F. Joshua Krage, CISSP email@hidden
Code 297, Enterprise IT Security NASA Goddard Space Flight Center
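
The RSA-to-symmetric equivalences cited in the message above can be reproduced with the number-field-sieve work estimate that NIST publishes in its FIPS 140-2 Implementation Guidance (IG 7.5). This is an added example, not part of the original message; the function names are hypothetical and the output is an estimate of attack cost, so it lands near the quoted figures rather than exactly on them.

```python
import math


def rsa_equiv_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength (in bits) of an RSA modulus.

    Formula from FIPS 140-2 IG 7.5 (general number field sieve cost):
        x = (1.923 * cbrt(L*ln2) * cbrt(ln(L*ln2)^2) - 4.69) / ln2
    """
    ln_n = modulus_bits * math.log(2)  # ln(n) for an L-bit modulus n
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)  # natural-log work factor converted to bits


def min_modulus_bits(target_bits: float, lo: int = 512, hi: int = 65536) -> int:
    """Smallest modulus size in [lo, hi] whose estimate reaches target_bits.

    The estimate grows monotonically with modulus size, so a binary
    search is sufficient. The search bounds are assumptions of this example.
    """
    if rsa_equiv_bits(hi) < target_bits:
        raise ValueError("target strength is outside the search range")
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_equiv_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    # Modulus sizes discussed in the thread plus common intermediate sizes.
    for size in (1024, 2048, 3072, 7680, 15360):
        print(f"RSA-{size:<6} ~ {rsa_equiv_bits(size):6.1f}-bit symmetric")
    # Inverse question: how large must the modulus be for a given AES-class strength?
    for target in (80, 112, 128, 256):
        print(f"{target}-bit symmetric -> RSA modulus >= {min_modulus_bits(target)} bits")
```

The sub-exponential growth is the point: doubling the symmetric target from 128 to 256 bits requires roughly a fivefold larger RSA modulus, which is why the two kinds of key length cannot be compared directly.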