[pycrypto] RSA exportKey question

Legrandin helderijs at gmail.com
Fri Jul 5 03:10:09 PDT 2013


Hi Paul,

In the back of my mind, I was referring to practical purposes *in the
context of key wrapping*.
For key wrapping, you deal with very small payloads and the key is
salted: speed and the birthday paradox are not real concerns,
and the security margin of 3DES (with 112 bits of ) is large enough.
I am suggesting to stick to "PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC" as
default PKCS#8 wrapping algorithm for export
because there are more chances the receiver (e.g. some
actually-not-so-old openssl versions) will be able to unwrap it.
If I had to pick a more future proof value (regardless of
compatibility) I would agree that AES is better, but only in
combination with scrypt as KDF.

2013/7/4  <Paul_Koning at dell.com>:
>
> On Jul 3, 2013, at 5:26 PM, Legrandin wrote:
>
>> I find 3DES is as good as AES for most practical purposes.
>
> I'm curious what your metrics are for that conclusion.
>
> By way of comparison, the new draft for the RFC covering storage protocol security (successor to RFC 3723) switches from 3DES to AES for clearly stated reasons, one of which is the fact that 64 bit blocks and large quantities of data don't go well together.  If you're dealing with small quantities of data, 3DES might still be good enough, but I still don't see an obvious reason to stick with a rather ancient cipher when a well-vetted replacement is available.
>
>         paul
>
>


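Added example, not part of the original thread and not PyCrypto code: a standard-library check a receiver could run to see which KDF and cipher a PKCS#8 EncryptedPrivateKeyInfo blob declares before trying to unwrap it. The function names and sample blobs are constructed for illustration, and the OID table covers only the schemes named in the thread, with AES-128-CBC assumed as the AES variant.

```python
NAMES = {"1.2.840.113549.1.5.13": "PBES2", "1.2.840.113549.1.5.12": "PBKDF2",
         "1.3.6.1.4.1.11591.4.11": "scrypt", "1.2.840.113549.3.7": "DES-EDE3-CBC",
         "2.16.840.1.101.3.4.1.2": "AES128-CBC"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def read_oid(buf, pos=0):
    tag, body, nxt = read_tlv(buf, pos)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    arcs, val = [body[0] // 40, body[0] % 40], 0  # valid for the OIDs listed in NAMES
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs)), nxt

def wrapping_scheme(der):
    """Return (kdf, cipher) named in the PBES2 header of an encrypted PKCS#8 blob."""
    _, outer, _ = read_tlv(der)              # EncryptedPrivateKeyInfo
    _, alg, _ = read_tlv(outer)              # encryptionAlgorithm
    scheme, pos = read_oid(alg)
    if NAMES.get(scheme) != "PBES2":
        raise ValueError("not a PBES2-wrapped key: " + scheme)
    _, params, _ = read_tlv(alg, pos)        # PBES2-params
    _, kdf, pos = read_tlv(params)           # keyDerivationFunc
    _, enc, _ = read_tlv(params, pos)        # encryptionScheme
    return tuple(NAMES.get(o, o) for o in (read_oid(kdf)[0], read_oid(enc)[0]))

# Constructed sample headers for this added example (zero salt, IV, ciphertext); not real keys.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body    # short-form length, enough for the samples
def sample(kdf_oid, kdf_params, enc_oid, iv_len):
    oid = lambda h: tlv(0x06, bytes.fromhex(h))
    kdf = tlv(0x30, oid(kdf_oid) + tlv(0x30, tlv(0x04, bytes(8)) + kdf_params))
    enc = tlv(0x30, oid(enc_oid) + tlv(0x04, bytes(iv_len)))
    alg = tlv(0x30, oid("2a864886f70d01050d") + tlv(0x30, kdf + enc))
    return tlv(0x30, alg + tlv(0x04, bytes(16)))

LEGACY = sample("2a864886f70d01050c", bytes.fromhex("020203e8"), "2a864886f70d0307", 8)
MODERN = sample("2b06010401da47040b", bytes.fromhex("02024000020108020101"), "608648016503040102", 16)
```

`wrapping_scheme` takes DER bytes, so a PEM-encoded key has to be base64-decoded first.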