A site supports Public key length of 256 bits while best practice is 1024+ - what does this mean?

Given that this is asymmetric cryptography with a private/public key, I am not sure if a reduced bit length is more easily breakable than longer keys. I understand that the key population is reduced (hence randomness, hence brute force); however, I am still wondering, does this mean it is easily breakable? Are there any studies/research/cryptanalysis performed to measure what this means?



The site I am referring to here is web.Whatsapp.com



India wants social media sites such as WhatsApp to make the content accessible by the Government (because of hatred spread on social media that led to people being lynched!). Is it possible that the public key size is purposefully reduced to accommodate this?



I got a VPN through the US and verified it is 256 bits for accessing in the US too. So, is it possible that WhatsApp is not as secure as we think?







encryption cryptography whatsapp






edited 2 hours ago by schroeder

asked 5 hours ago by tazz




The public key crypto being used by WhatsApp web is Curve25519.
– defalt
4 hours ago




Generally, to get 128 bit security for ECC, you need approximately double the key size, or 256 bits for the public key. To get the same for non-ECC asymmetric cryptography such as RSA, you need around 3072 bits. You really can't compare them. Also, if WhatsApp uses Curve25519, then it is sufficiently secure and has approximately 116 bits of effective security (i.e. equivalent to a 116-bit symmetric key).
– forest
2 hours ago






2 Answers
It's an up-to-date website using elliptic curve cryptography (ECC). ECC key sizes are not directly comparable with RSA, and a 256-bit key is more than enough for security -- 112-bit is the most that has ever been cracked. It's equivalent to a 3072-bit RSA key.

answered 4 hours ago by Mike Scott

In short, the 256-bit public key is from ECC, i.e. elliptic curve cryptography.

The 1024-bit public key refers to the bit length of the RSA parameter $N$.

Now that we are in late 2018, the best practice for the RSA parameter $N$ is 2048 bits.

You can check https://en.wikipedia.org/wiki/Key_size for a detailed explanation regarding key size.

answered 3 hours ago by 9f241e21
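
Why the key sizes in the answers above cannot be compared bit for bit, as an added example that is not part of the original posts: the best known generic attack on an elliptic-curve key (Pollard's rho) costs about the square root of the group order, while factoring an RSA modulus with the general number field sieve (GNFS) is sub-exponential. The function names are illustrative, and the formulas are the textbook asymptotic ones with lower-order terms dropped, so the output is a rough estimate and will not match published equivalence tables exactly.

```python
import math

# Added illustration: rough asymptotic cost models only (o(1) terms dropped).
GNFS_C = (64 / 9) ** (1 / 3)  # constant in the GNFS heuristic running time


def rsa_strength_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost to factor an RSA modulus N."""
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def ecc_strength_bits(order_bits: int) -> float:
    """log2 of the Pollard rho cost sqrt(pi*n/4) for a group of order n ~ 2^order_bits."""
    return 0.5 * (order_bits + math.log2(math.pi / 4))


def rsa_bits_for_strength(target_bits: float) -> int:
    """Smallest modulus size (found by bisection) whose GNFS estimate reaches target_bits."""
    lo, hi = 512, 65536
    while lo < hi:
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def compare(keys):
    """Return [(label, estimated_bits)] sorted weakest first."""
    models = {"rsa": rsa_strength_bits, "ecc": ecc_strength_bits}
    rated = [(f"{alg.upper()}-{bits}", models[alg](bits)) for alg, bits in keys]
    return sorted(rated, key=lambda item: item[1])


if __name__ == "__main__":
    # Key sizes mentioned in the question and answers above.
    sizes = [("ecc", 256), ("rsa", 1024), ("rsa", 2048), ("rsa", 3072)]
    for label, bits in compare(sizes):
        print(f"{label:9s} ~{bits:5.1f} bits of work")
    match = rsa_bits_for_strength(ecc_strength_bits(256))
    print("RSA modulus matching ECC-256 under this model:", match, "bits")
```

Under this model a 1024-bit RSA modulus ranks below a 256-bit elliptic-curve key, which is the opposite of what the raw bit counts suggest.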
