canmove, Confirmed users
937
edits
VE 07KeyMgmt: Difference between revisions
→Key Establishment Techniques
| Line 65: | Line 65: | ||
The strengths of security of the asymmetric key establishment techniques are obtained from Table 2 of Section 5.6.1, NIST SP 800-57 Part 1. | The strengths of security of the asymmetric key establishment techniques are obtained from Table 2 of Section 5.6.1, NIST SP 800-57 Part 1. | ||
<div class=note>'''Caveats''': | <div class=note>'''Caveats:''' | ||
Since the NSS cryptographic module allows a key establishment method to establish a cryptographic key that is stronger than the key establishment method, the following caveats are required by FIPS 140-2 IG 7.5: | |||
* Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength) | * Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength) | ||
* EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 256 bits of encryption strength) | * EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 256 bits of encryption strength) | ||
* RSA (PKCS #1, key wrapping, key establishment methodology provides between 80 bits and 192 bits of encryption strength) | * RSA (PKCS #1, key wrapping, key establishment methodology provides between 80 bits and 192 bits of encryption strength) | ||
The [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Security Policy] is also annotated with these caveats. | |||
</div> | </div> | ||