On Thu, 1 Jul 2010 06:46:30 +0200
Dan Kaminsky d...@doxpara.com wrote:
All,
I've got a perfect vs. good question.
NIST is pushing RSA-2048. And I think we all agree that's
probably a good thing.
However, performance on RSA-2048 is too low for a number of real
world uses.
Dan,
I looked at the GNFS runtime and plugged a few numbers in. It seems
RSA Security is using a more conservative constant of about 1.8 rather
than the suggested 1.92299...
See:
http://mathworld.wolfram.com/NumberFieldSieve.html
So using 1.8, a 1024 bit RSA key is roughly equivalent to
The following usenet posting from 1993 provides an interesting bit
(no pun itended) of history on RSA key sizes. The key passage is the
last paragraph, asserting that 1024-bit keys should be ok (safe from
key-factoring attacks) for a few decades. We're currently just
under 1.75 decades on from