Bill Stewart wrote:
> The real question with ECC, other than patents, which don't seem to
> interfere too much right now and will gradually go away, is how long
> the keys need to be, and how long they can be trusted. ~~160-bit
> keys were short enough to be convenient. 256-bit is probably about
> the limit - I've seen some discussion of 512-bit keys, and at that
> point you're pushed into message formats that make it inconvenient
> to exchange keys again. Is there a consensus view about what
> keylengths are reliable?

Except for special cases, breaking an n bit ECC system involves
2^(n/2) EC operations, and EC operations are slow.

So 160 bits is sufficient, and 255 bits small enough to hand the keys

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to