stackoom
  简体   繁体   中英

Why is keysize < 384 bits deemed too small for openssl_pkey_new()?

 原文  2018-01-19 19:08:32       php/ ssl/ cryptography/ public-key-encryption

Question

[Comment in 2020: This was a poorly researched question I asked several years ago, before I started reading about the subject. I returned to clean up the question a bit - since the core thing I wanted to know back then was to understand why the key had to have a certain size. However, when one starts learning something new, I truly believe that asking the wrong questions is an important step, towards asking better and better questions. Therefore I find it unfortunate that this forum is discouraging people from asking questions that do not reflect good understanding. I hope this forum in the future can develop more in that direction. End of comment.]

Specifically, my question is as follows, using PHP and OpenSSL, and the function:

openssl_pkey_new(array $configargs)

In another part of this forum, it was said that "If you tell $configargs that you want a keysize of 256 bits, or such, it is too easy to break." I presume that is why the function doesn't allow a keysize smaller than 384 bits. But how come that is deemed so easy to break?

What I want to do is encrypt 'ARBITRARY_STRING' in browser (at the user's end) with user's private key, and then send this (along with other data) to the server, where I decrypt with the public key. But it would be impractical if the key a user has to enter is that long.

Grateful for any advice! Or recommendations on something more suited for the purpose.

1 answers

solution1
 1  2018-01-20 14:11:36

You're undoubtedly trying to generate an RSA key pair. RSA is relatively inefficient because the key size does not increase linearly with the security strength offered. As others have indicated, there is therefore a huge difference between EC keys and RSA keys. This difference can also be seen at eg https://keylength.com . RSA 384 is absolutely insecure while EC 384 is rather secure until quantum crypto analysis comes off age.

The security of asymmetric primitives depends on the size of certain components within the crypto system. For RSA for instance the key size is determined by the size of the modulus, which is a large integer. Usually the encoding of the keys is much larger than the key size as it includes various other pieces of information, headers and other meta-information. The encoded size of a key says very little about the security strength and comparing the size of the encodings makes no sense at all.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why does openssl_pkey_new() fail? Call to undefined function openssl_pkey_new()? xampp openssl errors when calling openssl_pkey_new(); openssl_pkey_new() throwing errors — Proper openssl.cnf setup for php Is it possible to generate an ED25519 keypair with the built-in openssl_pkey_new function in PHP? Php openssl_pkey_new() throw error when creating ECC keys PHP problems combining MYSQLI_CLIENT_SSL and openssl_pkey_new() openssl_pkey_new throws error configuration file routines:NCONF_get_string:no value `openssl_pkey_get_details` only returning `bits`, `key` and `type` values (can't access [rsa]) Why can't I use key lengths < 384bit for EC in PHP OpenSSL?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM