Why use 256-bit symmetric encryption in TLS when 2048-bit RSA doesn't even offer 128-bit strength?

People use 256-bit encryption because they can, and, given the choice, people tend to go for the biggest numbers, because they feel that they "deserve it".

Scientifically, it indeed does not make sense to use AES-256 when the key exchange relies on 2048-bit RSA. This is just wasted CPU cycles; AES-128 would have been equally fine. But "256" can woo auditors into submission. Such are the intricacies of human psychology.


The RSA weakness only applies to the key exchange and establishing the session. If the attacker doesn't catch this, the actual communication itself is far more resistant to brute force with the 256-bit symmetric encryption. (Though both are currently way, way beyond impossible to brute force. Key reduction attacks that could come up in the future could make it a significant difference, but that isn't known now.) The RSA is the weak point, but that doesn't mean that it isn't worth using higher security for the persistent portion of the connection/session.
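The comparison both answers rely on can be put in numbers. The following is an added example, not part of either answer: it estimates the symmetric-equivalent strength of an RSA modulus from the general number field sieve (GNFS) cost formula and takes the weaker of key exchange and cipher as the bound on a recorded session. The calibration constants 1.923 and 4.69 and all function names are assumptions of this example, and the outputs are estimates.

```python
import math

def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus.

    Uses the GNFS running-time estimate exp(c * ln(n)^(1/3) * ln(ln n)^(2/3)),
    with c = 1.923 and an offset of 4.69 (assumed calibration), in bits.
    """
    ln_n = modulus_bits * math.log(2)  # ln(n) for a modulus of that bit length
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)

def session_strength_bits(modulus_bits: int, cipher_key_bits: int) -> float:
    """Bound for an attacker who recorded the handshake: the weaker link wins."""
    return min(rsa_strength_bits(modulus_bits), float(cipher_key_bits))

def min_modulus_for(target_bits: int, step: int = 256, limit: int = 32768):
    """Smallest modulus size (a multiple of `step`) estimated to reach target_bits."""
    for size in range(step, limit + 1, step):
        if rsa_strength_bits(size) >= target_bits:
            return size
    return None  # no size up to `limit` reaches the target

if __name__ == "__main__":
    for modulus in (1024, 2048, 3072, 4096, 15360):
        for cipher in (128, 256):
            print(f"RSA-{modulus:<5} + AES-{cipher}: "
                  f"key exchange ~{rsa_strength_bits(modulus):6.1f} bits, "
                  f"session bound ~{session_strength_bits(modulus, cipher):6.1f} bits")
    print("modulus needed to match AES-128:", min_modulus_for(128))
    print("modulus needed to match AES-256:", min_modulus_for(256))
```

With a 2048-bit modulus the session bound is the same for AES-128 and AES-256, because the key exchange estimate sits below both key sizes.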
