I will be signing a token with SHA256 and I am wondering about the length of the secret I should use. Does having a secret key length over 256 bits have any benefits if I am using SHA256? So if my key is 300 bits long, is this more secure?
The length of the key has to be <= 512 bits because that is the size of the pads. If someone is trying to brute force your key, having a key size of 512 bits will be the most secure.
So to answer your question: yes, having a key length of 300 bits is more secure than one with a length of 256 bits.
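How HMAC-SHA256 handles keys of different lengths, written out step by step from RFC 2104 as an added example (not code from the original post). The function names are chosen for this example; the key preprocessing shows that a key longer than the 64-byte (512-bit) block is first hashed down to 32 bytes, while shorter keys are zero-padded to the block size.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 64  # SHA-256 block size in bytes (512 bits), the size of ipad/opad


def normalize_key(key: bytes) -> bytes:
    """RFC 2104 key preprocessing: hash long keys, then zero-pad to one block."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()  # longer keys collapse to 32 bytes
    return key.ljust(BLOCK_SIZE, b"\x00")


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 computed by hand: H(K ^ opad || H(K ^ ipad || msg))."""
    k = normalize_key(key)
    ipad = bytes(b ^ 0x36 for b in k)
    opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def long_key_equals_its_hash(key: bytes, msg: bytes) -> bool:
    """True when `key` yields the same tag as SHA-256(key) used as the key."""
    hashed = hashlib.sha256(key).digest()
    return hmac.compare_digest(hmac_sha256(key, msg), hmac_sha256(hashed, msg))


def new_token_key(n_bytes: int = 32) -> bytes:
    """Random signing key from the OS CSPRNG (32 bytes = 256 bits)."""
    return os.urandom(n_bytes)


if __name__ == "__main__":
    msg = b"constructed-token-payload"  # constructed sample input
    for n in (32, 38, 64, 100):         # 38 bytes is roughly the 300-bit case
        key = new_token_key(n)
        # The hand-written version agrees with the standard library.
        assert hmac_sha256(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()
        print(n, "byte key, hashed before use:", n > BLOCK_SIZE)
```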
Related
My current setup is I have an intermediate CA with a 1024 bit RSA key.
I will be utilising this intermediate CA to sign client certificates in my enterprise, I wish to give these certificates a SHA2 RSA signature.
A colleague advised that using a 1024 bit private key to perform a SHA2 RSA signature isn't possible.
However I can't seem to find any documentation online concerning this.
Is this possible?
1024-bit RSA can do SHA-256 signatures with both PKCS#1 v1.5 padding and PSS padding.
PSS padding requires 2 * hashSize + 2 bytes, or 2 * hashSize + 16 bits. So for a SHA-256 signature (256 bit output) the minimum RSA keysize is 512+16 => 528-bit.
PKCS#1 v1.5 signature padding requires a minimum of tLen + 11 bytes, where tLen is the hash size (in bytes) plus a fixed overhead that differs based on the algorithm (tLen is the length of T, the DER-encoded DigestInfo containing the hash). For SHA-256 tLen is 51, so the minimum key size is (51 + 11) * 8 => (62 * 8) => 496-bit.
Security Considerations:
496-bit and 528-bit are both considered atrociously low in 2019.
1024-bit is also considered to be on the low side of the scale (it provides roughly 80 bits of security).
NIST SP 800-57 Part 3 recommends RSA-2048 for CA operations.
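The size arithmetic from the answer above, as an added example (not part of the original answer): it builds the EMSA-PKCS1-v1_5 encoded message for SHA-256 as laid out in RFC 8017 and checks which padding fits a given modulus size. The function names are chosen for this example, and the PSS check assumes a salt as long as the hash, which is the case the answer's figure describes.

```python
import hashlib

# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2, note 1): 19 bytes
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
H_LEN = hashlib.sha256().digest_size           # 32 bytes
T_LEN = len(SHA256_DIGESTINFO_PREFIX) + H_LEN  # 51 bytes, the tLen of the answer


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Build EM = 00 01 FF..FF 00 T for a modulus that is em_len bytes long."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)  # never fewer than 8 bytes of 0xFF
    return b"\x00\x01" + ps + b"\x00" + t


def fits(modulus_bits: int, salt_len: int = H_LEN) -> dict:
    """Report which SHA-256 signature paddings fit a modulus of this size."""
    k = (modulus_bits + 7) // 8            # modulus length in bytes
    pss_em_len = (modulus_bits - 1 + 7) // 8  # PSS encodes into modBits - 1 bits
    return {
        "pkcs1_v15": k >= T_LEN + 11,                 # 62 bytes = 496 bits
        "pss": pss_em_len >= H_LEN + salt_len + 2,    # 66 bytes = 528 bits
    }


if __name__ == "__main__":
    for bits in (488, 496, 512, 528, 1024, 2048):
        print(bits, fits(bits))
    em = emsa_pkcs1_v15_encode(b"constructed sample message", 1024 // 8)
    print(len(em), em[:4].hex(), "...", em[-T_LEN:][:4].hex())
```

Fitting the padding says nothing about strength; the security considerations in the answer still apply to any key size this check accepts.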
I work with a smart card which is able to generate RSA keys. But when I generate a key pair, the newly generated public and private keys can have some of their most significant bits = 0. Is this OK or does it mean less cryptographic strength?
In some representations, the MSB must be zero, otherwise the value will get treated as a negative number. It should have sufficient non-zero bits such that the modulus is of the size you wanted to generate, otherwise, yes it is less secure.
I have done some testing and it turned out that RSA is a lot slower than DSA.
What is usual DSA time complexity?
RSA [ms]   DSA [ms]   Size
1125       218        1KiB
1047       188        2KiB
594        17         4KiB
641        234        8KiB
2938       406        16KiB
9063       937        32KiB
39344      3406       64KiB
RSA and DSA both use exponentiation to generate the signature. This is what costs the most time, so they will basically have the same complexity. But the difference is the key length.
In cryptography you try to choose as small keys as possible, but big enough to get the security you want.
RSA needs quite long keys, something like 2048 bits or bigger.
DSA has one short (about 256 bit) and one long key (about 2048 bit). The exponent will not be bigger than the short key.
So for DSA you have to compute a 2048 bit number to the power of a 256 bit number (modulo another number) and for RSA you have to compute a 2048 bit number to the power of another 2048 bit number.
This is why RSA is much slower than DSA.
Notice: If you choose for DSA a short key of length 2048 bits, it will be as slow as RSA.
I know the lengths of some small encrypted strings, such as: 160, 196 ..
What determines the size?
The size in bytes of a single "block" encrypted is the same as the key size, which is the same as the size of the modulus. The private exponent is normally about the same size, but may be smaller. The public exponent can be up to the key size in size, but is normally much smaller to allow for more efficient encryption or verification. Most of the time it is the fourth number of Fermat, 65537.
Note that this is the size in bits of the encrypted data. The plain data must be padded. PKCS#1 v1.5 uses at most the key size - 11 bytes padding for the plain text. It is certainly smart to keep a higher margin though, say 19 bytes padding minimum (a 16 byte random instead of an 8 byte random for padding).
For this reason, and because it is expensive to perform RSA encryption/decryption, RSA is mostly used in combination with a symmetric primitive such as AES - in the case of AES a random AES symmetric secret key is encrypted instead of the plain text. That key is then used to encrypt the plain text.
I am using an AES algorithm in my application for encrypting plain text. I am trying to use a key which is a six digit number. But as per the AES spec, the key should be minimum sixteen bytes in length. I am planning to append leading zeros to my six digit number to make it 16 bytes and then use this as a key.
Would it have any security implications? I mean, will it make my ciphertext more prone to attacks?
Please help.
You should use a key derivation function, in particular PBKDF2 is state-of-the-art in obtaining an AES key from a password or PIN.
In particular, PBKDF2 makes it more difficult to perform a key search because it:
randomizes the key, therefore making precomputed password dictionaries useless;
increases the computational cost of testing each candidate password, increasing the total time required to find a key.
As an additional remark, I would say that 6 digits correspond roughly to 16 bits of password entropy, which are definitely too few. Increase your password length.
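The zero-padded key from the question beside a PBKDF2-derived key, as an added example (not code from the original answer). The iteration count, salt size and function names are assumptions made for this example, and the question's "leading zeros" are taken to be ASCII zeros; the salt and iteration count are stored in the clear next to the ciphertext so the key can be re-derived.

```python
import hashlib
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
KEY_LEN = 16          # AES-128 key size in bytes
SALT_LEN = 16         # assumed salt size for this example


def zero_padded_key(pin: str) -> bytes:
    """The question's approach: the same PIN always gives the same key."""
    return pin.zfill(KEY_LEN).encode()


def derive_key(pin: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: salted and deliberately slow to compute."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=KEY_LEN)


def new_record(iterations: int = ITERATIONS) -> dict:
    """KDF parameters to store beside the ciphertext; the key is never stored."""
    return {"salt": os.urandom(SALT_LEN), "iterations": iterations}


def key_from_record(pin: str, record: dict) -> bytes:
    """Re-derive the AES key at decryption time from the stored parameters."""
    return derive_key(pin, record["salt"], record["iterations"])


if __name__ == "__main__":
    pin = "123456"  # constructed sample PIN
    a, b = new_record(), new_record()
    print("zero-padded:", zero_padded_key(pin))
    # Two records for the same PIN give unrelated keys because the salts differ.
    print("record a   :", key_from_record(pin, a).hex())
    print("record b   :", key_from_record(pin, b).hex())
```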