为什么keysize<384位对openssl_pkey_new()认为太小了吗? [英] Why is keysize < 384 bits deemed too small for openssl_pkey_new()?
问题描述
[2020年评论:这是我几年前开始阅读该主题之前提出的一项研究欠佳的问题.我回过头来解决了这个问题-因为那时我想知道的核心是要理解为什么钥匙必须要有一定的大小.但是,当人们开始学习新事物时,我真正地相信,提出错误的问题是朝着提出越来越好的问题迈出的重要一步.因此,我感到很不幸的是,这个论坛不鼓励人们提出不能反映出良好理解的问题.我希望将来这个论坛可以朝这个方向发展.评论结束.]
具体来说,我的问题如下,使用PHP和OpenSSL,以及函数:
Specifically, my question is as follows, using PHP and OpenSSL, and the function:
openssl_pkey_new(array $configargs)
在该论坛的另一部分中,有人说如果您告诉$ configargs您想要256位或类似的密钥大小,就太容易破解了." 我认为这就是为什么该函数不允许键大小小于384位的原因.但是为什么这么容易被打破呢?
In another part of this forum, it was said that "If you tell $configargs that you want a keysize of 256 bits, or such, it is too easy to break." I presume that is why the function doesn't allow a keysize smaller than 384 bits. But how come that is deemed so easy to break?
我想做的是用用户的私钥在浏览器中(在用户端)加密"ARBITRARY_STRING",然后将其(连同其他数据)发送到服务器,在服务器上我用公钥解密.但是,如果用户必须输入的密钥那么长,那将是不切实际的.
What I want to do is encrypt 'ARBITRARY_STRING' in browser (at the user's end) with user's private key, and then send this (along with other data) to the server, where I decrypt with the public key. But it would be impractical if the key a user has to enter is that long.
感谢您的任何建议!或针对更适合此目的的建议.
Grateful for any advice! Or recommendations on something more suited for the purpose.
推荐答案
您无疑正在尝试生成RSA密钥对.RSA效率相对较低,因为密钥大小不会随提供的安全强度线性增加.正如其他人指出的那样,因此EC密钥和RSA密钥之间存在巨大差异.这种差异也可以在例如 https://keylength.com .RSA 384绝对是不安全的,而EC 384则相当安全,直到量子密码分析的时代结束为止.
You're undoubtedly trying to generate an RSA key pair. RSA is relatively inefficient because the key size does not increase linearly with the security strength offered. As others have indicated, there is therefore a huge difference between EC keys and RSA keys. This difference can also be seen at e.g. https://keylength.com . RSA 384 is absolutely insecure while EC 384 is rather secure until quantum crypto analysis comes off age.
非对称基元的安全性取决于密码系统中某些组件的大小.例如,对于RSA,密钥大小由模数大小决定,模数大小是一个大整数.通常,键的 encoding 比键的大小大得多,因为它包含各种其他信息,标头和其他元信息.密钥的编码大小几乎没有说明安全强度,而比较编码大小完全没有意义.
The security of asymmetric primitives depends on the size of certain components within the crypto system. For RSA for instance the key size is determined by the size of the modulus, which is a large integer. Usually the encoding of the keys is much larger than the key size as it includes various other pieces of information, headers and other meta-information. The encoded size of a key says very little about the security strength and comparing the size of the encodings makes no sense at all.
这篇关于为什么keysize<384位对openssl_pkey_new()认为太小了吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
