What are the underlying assumptions, especially with regards to the cost to potential attackers, (threat model) of the NIST minimum 112 bits recommendation for US government in 800-63B?

123 views

What are the underlying assumptions, especially with regards to the cost to potential attackers, (threat model) of the NIST minimum 112 bits recommendation for US government in 800-63B?

In: 0

6 Answers

Anonymous 0 Comments

The definitions in that document ultimately trace back to https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p1r3.pdf, which indicates that 80 bit keys are already to be considered compromiseable, and that 112 bit keys can only be trusted until 2030.

The assumptions don’t appear to be explicitly stated, but are likely based in Moore’s law, assuming that computers will continue to improve exponentially, and extrapolating to the future point where an acceptable average time to compromise has decreased to an unacceptable value.

Anonymous 0 Comments

The definitions in that document ultimately trace back to https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p1r3.pdf, which indicates that 80 bit keys are already to be considered compromiseable, and that 112 bit keys can only be trusted until 2030.

The assumptions don’t appear to be explicitly stated, but are likely based in Moore’s law, assuming that computers will continue to improve exponentially, and extrapolating to the future point where an acceptable average time to compromise has decreased to an unacceptable value.

Anonymous 0 Comments

While /u/ThenaCykez is correct about what the standard says (although unfortunately he or she has linked to a superseded version), the actual mechanical reason that 112 bits was specifically chosen (instead of, for example, a power of 2) is that the [Data Encryption Standard](https://en.wikipedia.org/wiki/Data_Encryption_Standard) supports key lengths that are a multiple of 56 bits (original DES has a 64-bit key but 8 bits are used for parity checking rather than encryption, so a 56-bit effective key length) and while the original 56-bit DES is no longer considered adequately secure, 112-bit is still considered adequately secure (for now although as /u/ThenaCykez points out, it has a planned deprecation date).

The actual estimated cost to compromise encryption schemes used by the US government that is used to inform standards decisions is not made public, because it is informed by non-public cryptographic attacks to which the NSA / other agencies have access but are not widely known.

Anonymous 0 Comments

800-63B is a document written by NIST (National Institute of Standards and Technology) that sets the standard for all government computer systems other than national security services (CIA, FBI etc) The standards are for the cost effective implementation policies for users to access secured systems. They recommend a secret key of 112 bits. 112 bits is the length of the secret key to gain access to the system. The size of a a decimal number able to be stored in 112 bits is :

5,192,296,858,534,827,628,530,496,329,220,096

That number is so large that if someone were to try and brute force (try each unique key one at a time) calculate the secret key it would take so much computer power and time that it would be cost prohibitive for most attackers to attempt.

Anonymous 0 Comments

While /u/ThenaCykez is correct about what the standard says (although unfortunately he or she has linked to a superseded version), the actual mechanical reason that 112 bits was specifically chosen (instead of, for example, a power of 2) is that the [Data Encryption Standard](https://en.wikipedia.org/wiki/Data_Encryption_Standard) supports key lengths that are a multiple of 56 bits (original DES has a 64-bit key but 8 bits are used for parity checking rather than encryption, so a 56-bit effective key length) and while the original 56-bit DES is no longer considered adequately secure, 112-bit is still considered adequately secure (for now although as /u/ThenaCykez points out, it has a planned deprecation date).

The actual estimated cost to compromise encryption schemes used by the US government that is used to inform standards decisions is not made public, because it is informed by non-public cryptographic attacks to which the NSA / other agencies have access but are not widely known.

Anonymous 0 Comments

800-63B is a document written by NIST (National Institute of Standards and Technology) that sets the standard for all government computer systems other than national security services (CIA, FBI etc) The standards are for the cost effective implementation policies for users to access secured systems. They recommend a secret key of 112 bits. 112 bits is the length of the secret key to gain access to the system. The size of a a decimal number able to be stored in 112 bits is :

5,192,296,858,534,827,628,530,496,329,220,096

That number is so large that if someone were to try and brute force (try each unique key one at a time) calculate the secret key it would take so much computer power and time that it would be cost prohibitive for most attackers to attempt.