Dan, > > I looked at the GNFS runtime and plugged a few numbers in. It seems > RSA Security is using a more conservative constant of about 1.8 rather > than the suggested 1.92299... > > See: > http://mathworld.wolfram.com/NumberFieldSieve.html > > So using 1.8, a 1024 bit RSA key is roughly equivalent to a 81 bit > symmetric key. Plugging in 1280 yields 89 bits. > > I'm of the opinion that if you take action to improve security, you > should get more than 8 additional bits for your efforts. For example, > 1536 shouldn't be that much slower but gives 96 bits of security. >
Here's the actual data, in terms of transactions per second, I'm getting for a sample app: 512: 710.042382 1024: 187.187719 1280: 108.592265 1536: 73.314751 2048: 20.645645 2048 ain't happening. The relative diff between 1280 and 1536 is interesting though. > > For posterity, here is a table using 1.8 for the GNFS constant: > > RSA Symmetric > ---------------- > 256 43.7 > 512 59.8 > 768 71.6 > 1024 81.2 > 1280 89.5 > 1536 96.8 > 2048 109.4 > 3072 129.9 > 4096 146.5 > 8192 195.1 > > Do other cracking mechanisms have similar curves to GNFS (with different constants)? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
