This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Keys Don't Grow in Threes
May/June 2009 (vol. 13 no. 3)
pp. 96, 94-95
Stephen Farrell, Trinity College Dublin
Many Internet security mechanisms depend on the use of cryptographic algorithms for various forms of authentication and confidentiality. Even when well-known and standardized cryptographic algorithms are used in well-known protocols, some parameters must be specified, the most important of which are usually algorithm identifiers and key or hash-output lengths. The author reviews some recent key length recommendations and compares those to current usage. He raises some issues that come up once we start to do the updates called for by various cryptographic experts and authorities who've made recommendations on this topic — some of which call for widespread changes to occur in 2010.

1. X. Wang et al., "Finding Collisions in the Full SHA-1," Advances in Cryptology —Crypto 2005, LNCS 3621, Springer, 2005, pp. 17–36.
2. H.K. Lee et al., "Cryptographic Strength of SSL/TLS Servers: Current and Recent Practices," Proc. 7th ACM Sigcomm Conf. Internet Measurement, ACM Press, 2007, pp. 83–92.

Index Terms:
cryptographic key length, key size, key update, practical security, security, peering
Citation:
Stephen Farrell, "Keys Don't Grow in Threes," IEEE Internet Computing, vol. 13, no. 3, pp. 96, 94-95, May-June 2009, doi:10.1109/MIC.2009.64
Usage of this product signifies your acceptance of the Terms of Use.