On Fri, 2010-08-13 at 14:55 -0500, eric.lengve...@wellsfargo.com wrote:

> Moore's law helped immensely here. In the last 5 years systems have gotten
> about 8 times faster, reducing the processing cost of crypto a lot.
>
> The big drawback is that those who want to follow NIST's recommendations
> to migrate to 2048-bit keys will be returning to the 2005-era overhead.
> Either way, that's back in line with the above stated 90-95% overhead.
> Meaning, in Dan's words "2048 ain't happening."

I'm under the impression that <2048 keys are now insecure mostly due
to advances in factoring algorithms that make the attack and the
encryption effort closer to, but by no means identical to, scaling with
the same function of key length. This makes the asymmetric cipher have
a lower ratio of attack cost to encryption cost at any given key length,
but larger key lengths still yield *much* higher ratios of attack cost
to encryption cost.

At 2048 bits, I think that with Moore's law over the next decade or two
dropping attack costs and encryption costs by the same factor, attack
costs should remain comfortably out of reach while encryption costs
return to current levels now practical for shorter keys.

Of course, this reckons without the potential for unforeseen advances in
factoring or Quantum computing.

> There are some possibilities, my co-workers and I have discussed. For
> purely internal systems TLS-PSK (RFC 4279) provides symmetric
> encryption through pre-shared keys which provides us with whitelisting
> as well as removing asymmetric crypto.

That's probably a good idea. We've placed a lot of stock in public-key
systems because of some neat mathematical properties that seemed to
conform to someone's needs for an online business model involving the
introduction of strangers who want to do business with each other.

But if you can handle key distribution internally by walking down the
hall or mailing a CD-ROM preloaded with keys instead of by trusting
the network the keys are supposed to secure, you really don't need
Public-key crypto's neat mathematical properties.

Bear
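
[Added example, not part of the original message.] The sketch below puts rough numbers on the ratio argument above for 1024-bit versus 2048-bit RSA moduli. It assumes two cost models that the message does not state: attack cost follows the heuristic GNFS complexity L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, and a private-key operation costs about k^3 for a k-bit modulus. All function names are hypothetical, and the figures are only meaningful relative to each other.

```python
import math

def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost for a modulus of this size.

    Assumption: L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, so
    only differences between key sizes are meaningful.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def private_op_bits(modulus_bits):
    """log2 of one RSA private-key operation, modelled as k^3 (assumption)."""
    return 3 * math.log2(modulus_bits)

def ratio_bits(modulus_bits):
    """log2 of (attack cost / private-key operation cost)."""
    return gnfs_work_bits(modulus_bits) - private_op_bits(modulus_bits)

def attack_bits_at_cost_parity(new_bits, old_bits):
    """Attack cost on new_bits once hardware is fast enough that a
    new_bits operation costs what an old_bits operation costs today.

    Models the message's premise that the same speedup factor applies
    to attacker and defender alike.
    """
    speedup = private_op_bits(new_bits) - private_op_bits(old_bits)
    return gnfs_work_bits(new_bits) - speedup

if __name__ == "__main__":
    for k in (1024, 2048):
        print(f"{k}-bit: attack 2^{gnfs_work_bits(k):.1f}, "
              f"private op 2^{private_op_bits(k):.1f}, "
              f"ratio 2^{ratio_bits(k):.1f}")
    parity = attack_bits_at_cost_parity(2048, 1024)
    print(f"2048-bit attack cost at 1024-bit-era overhead: 2^{parity:.1f}")
```

Under these models, doubling the modulus costs the defender a factor of 8 per private-key operation while the estimated attack cost rises by roughly 2^30.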