[gnutls-devel] GnuTLS | Ed448 keys are indicated as having a 456-bit "security level" (#1231)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Jun 1 22:43:36 CEST 2021

Daniel Kahn Gillmor commented:

Regarding whether "bits" is supposed to be "symmetric-equivalent" or an actual representation in bits: A 2048-bit RSA key is reported as having 2048 bits, and the table of in `lib/algorithms/secparams.c` maps the different number of "bits" in different classes of algorithm to different security levels. So "bits" is about the underlying representation, not the "symmetric equivalence".

It might be a bit confusing to the uninitiated reader that the "Key Security Level" informative line includes both an assessment/judgement/label (e.g., "high") and a context-dependent bit length.  It's a bit strange to see `Ultra (384 bits)` in one sample and `Low (1024 bits)` in the next.  (this could happen if the first is ECC and the second is RSA, for example).  But, i'm not sure how to best fix the confusion -- as long as it shows up next to the `Public Key Algorithm` line, that does give it a bit of the context needed.  So i guess this bug report should focus on just resolving the 57-vs-56 distinction.

Weird that X448 is fine with `.size = 56` while Ed448 is not!  i'd expect at least a bit of commentary in the code there for why these sizes are different.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1231#note_590435000
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210601/56aa4b78/attachment.html>

More information about the Gnutls-devel mailing list