I am a novice in the field of cryptography. Consider the openssl config param below.
$openssl_config = array(
"digest_alg" => "sha512",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
"encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC
);
I just want to know the strength of encryption the we can get using the above config.
e.g. Is it 256 bit, 2048 bit, 512 bit? what is the criterion?
Thanks
分享 I just want to know the strength of encryption the we can get using the above config.
"Encryption strength" is roughly measured in security levels. It allows you to compare different types of algorithms. There's a treatment of it at Security Level on the Crypto++ wiki.
Effectively, a security level indicates how many operations are required to break an algorithm. This is both theoretical and practical. For example SHA-1 has 80-bits of theoretical security. That's because of birthday attacks on collisions. However, its close to 61-bits due to advances in cryptanalysis, like Marc Steven's attack from 2011. See Project HashClash for details.
There are tables of equivalent security levels for Symmetric Key, Hashes, Finite Field, Integer Factorization and Elliptic Curves. Symmetric key is for block and stream ciphers, like AES, Camellia and RC4. Hashes is for hashing, like Whirlpool and SHA and HMACs. Finite field is for Diffie-Hellman and other related problems. Integer factorization if for RSA and other factorization problems. And elliptic curves is for EC based problems.
You can find the NIST tables below. Other organizations that publish the criteria include NESSIE, ECRYPT, ISO/IEC.
Here are the security levels of the algorithms you specified:
In theory, an attacker would attack the weakest component. So he/she would go after RSA since its the weakest crypto component. But in practice, I don't think it matters. The weakest component provides 112-bits of security, and that's out of reach for most adversaries.
In practice, the adversary will probably find a vulnerability in your web server and get the secret while its at rest because the crypto is too hard.
As an academic exercise, and since you selected AES-256, you would want the following to maintain 256-bits of security throughout the system:
When a RSA modulus gets above 3072-bit or 4096-bit (or so), you usually switch to elliptic curves.
If you wanted to maintain the minimum security level of 112-bits, then you would use:
分享
