The safety of data protected by RSA, in long term
I'm using .net 3.5 and vb.net. I know little about the inner working of each encryption mentioned below. I just use classes provided in .net class library.
I have a piece of information that have been encrypted with TripleDes, then Rijndael and finally RC2 algorithms. And all KEYs and IVs of those algorithms have been encrypted with RSA using 1024 keysize respectively.
Is that consider safe for now and for long term?
Because I heard that RSA encryption can be considered safe only for certain years. For example, in开发者_StackOverflow this article 768-bit RSA cracked, 1024-bit safe (for now)
Should I increase the RSA keysize to 2048 or more?
UPDATE:
The safe here means for long term and for very important secret
Here is a list for how long keys for different encryption algorithms should be: http://www.keylength.com. The numbers listed on this site are regarded as the standard. When in doubt, check there. The Ecrypt II method is the most recent publication. You can find a PDF here: http://www.ecrypt.eu.org/documents/D.SPA.13.pdf. It makes for an interesting read and seems fairly accessible even if you don't know much about cryptography (although I can't be sure, since I work in the field).
As for encrypting your original data multiple times with different algorithms: this is of no use, as long as you use an encryption algorithm that is strong. My suggestion would be to use the de-facto standard AES (= Rijndael).
As for your symmetic key lenght, if you stick with AES, any of the three options (128, 192 or 256-bit) is fine. In fact, there are certain attacks on 256-bit AES that don't work on the 128-bit version (due to key scheduling). Anyway, none of the published attacks on AES are of any practical use so far, so pick whatever you want.
If you want to be very sure your key won't be decrypted, yes, use RSA-2048. Btw, as you can see in this table: http://www.keylength.com/en/3/, AES-128 is equal in strength to RSA-3248.
[Edit] One question though: why are you encrypting your keys? You effectively will have to store a 2048-bit RSA key in a secure location to be able to decrypt your 128-bit AES key. I don't see the point. You might as well store the 128-bit key somewhere secure and be done with it. Or are you using multiple RSA keys to establish a symmetric key?
Also, IVs are supposed to be public, no use in hiding/encrypting them, that effectively makes them a 2nd key. You already have a key. So don't bother encrypting them.
It really depends on what you're storing and if anyone has something of great value to gain by cracking it. 1024 bit encryption should by fine for most stuff that isn't dealing with financial data or national secrets.
However, if you're looking to write your code and not have to come back to it for more than a decade (assuming no bugs ^_^) then go for the higher bit encryption. Just make sure you always remember that no encryption is unbreakable, and high-bit encryption is only secure for so long.
Here's an interesting link that talks about how 1024 bit encryption can be cracked by lowering the power given to the processor. I assume this would be scalable to more sophisticated encryption schemes as well.
This reference seems good too. The graphic on the page shows that decryption time for RSA is exponential.
Here's one more article, straight from RSA Laboratories that talks about how long until certain sized keys are deemed less secure.
Bottom Line: If you're looking for something that will work longterm, definitely go with the 2048 bit encryption. It will work now, although your server will take a bit more time to encrypt (and waaay longer to decrypt), and will work in the future.
精彩评论