Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
288 views
in Technique[技术] by (71.8m points)

php - Why is keysize < 384 bits deemed too small for openssl_pkey_new()?

[Comment in 2020: This was a poorly researched question I asked several years ago, before I started reading about the subject. I returned to clean up the question a bit, since the core thing I wanted to know back then was why the key had to have a certain size. However, when one starts learning something new, I truly believe that asking the wrong questions is an important step towards asking better and better questions. Therefore I find it unfortunate that this forum is discouraging people from asking questions that do not reflect good understanding. I hope this forum in the future can develop more in that direction. End of comment.]


Specifically, my question is as follows, using PHP and OpenSSL, and the function:

openssl_pkey_new(array $configargs)

In another part of this forum, it was said that "If you tell $configargs that you want a keysize of 256 bits, or such, it is too easy to break." I presume that is why the function doesn't allow a keysize smaller than 384 bits. But how come that is deemed so easy to break?

What I want to do is encrypt 'ARBITRARY_STRING' in the browser (at the user's end) with the user's private key, and then send this (along with other data) to the server, where I decrypt with the public key. But it would be impractical if the key a user has to enter is that long.

Grateful for any advice! Or recommendations on something more suited for the purpose.


1 Reply

0 votes
by (71.8m points)

You're undoubtedly trying to generate an RSA key pair. RSA is relatively inefficient because the key size does not increase linearly with the security strength offered. As others have indicated, there is therefore a huge difference between EC keys and RSA keys. This difference can also be seen at e.g. https://keylength.com. RSA 384 is absolutely insecure while EC 384 is rather secure until quantum cryptanalysis comes of age.

The security of asymmetric primitives depends on the size of certain components within the cryptosystem. For RSA, for instance, the key size is determined by the size of the modulus, which is a large integer. Usually the encoding of the keys is much larger than the key size, as it includes various other pieces of information, headers and other meta-information. The encoded size of a key says very little about the security strength, and comparing the size of the encodings makes no sense at all.
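
The distinction drawn above between key size (for RSA, the modulus length) and encoded size, as an added example that is not part of the original answer: it generates keys with openssl_pkey_new() and prints the size reported by openssl_pkey_get_details() next to the length of the PEM encodings. The curve prime256v1, the RSA sizes and the helper name describeKey are assumptions chosen for illustration.

```php
<?php
// Added example, not the answerer's code. Compares the key size OpenSSL
// reports with the size of the encoded key for RSA and EC key pairs.

function describeKey(array $config): array
{
    $key = openssl_pkey_new($config);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }
    $details = openssl_pkey_get_details($key);
    if ($details === false || !openssl_pkey_export($key, $privatePem)) {
        throw new RuntimeException('Could not read key: ' . openssl_error_string());
    }
    $row = [
        'bits'              => $details['bits'],          // key size in bits
        'public_pem_bytes'  => strlen($details['key']),   // PEM-encoded public key
        'private_pem_bytes' => strlen($privatePem),       // PEM-encoded private key
        'modulus_bytes'     => null,
    ];
    if ($details['type'] === OPENSSL_KEYTYPE_RSA) {
        // 'n' is the modulus as a raw big-endian byte string.
        $row['modulus_bytes'] = strlen($details['rsa']['n']);
    }
    return $row;
}

// Assumed sample configurations: two RSA sizes and one named EC curve.
$configs = [
    'RSA 2048'   => ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048],
    'RSA 3072'   => ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 3072],
    'EC P-256'   => ['private_key_type' => OPENSSL_KEYTYPE_EC,  'curve_name' => 'prime256v1'],
];

printf("%-10s %6s %14s %16s %17s\n", 'key', 'bits', 'modulus bytes', 'public PEM bytes', 'private PEM bytes');
foreach ($configs as $label => $config) {
    $row = describeKey($config);
    printf(
        "%-10s %6d %14s %16d %17d\n",
        $label,
        $row['bits'],
        $row['modulus_bytes'] ?? '-',
        $row['public_pem_bytes'],
        $row['private_pem_bytes']
    );
}
```

For the RSA rows the modulus length in bytes times eight equals the reported key size, while both PEM encodings are longer than the modulus itself.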

