On Sep 2, 2013, at 3:06 PM, "Jack Lloyd" <[email protected]> wrote:

> On Mon, Sep 02, 2013 at 03:09:31PM -0400, Jerry Leichter wrote:
>
>> a) The very reference you give says that to be equivalent to 128
>> bits symmetric, you'd need a 3072 bit RSA key - but they require a
>> 2048 bit key. And the same reference says that to be equivalent to
>> 256 bits symmetric, you need a 521 bit ECC key - and yet they
>> recommend 384 bits. So, no, even by that page, they are not
>> recommending "equivalent" key sizes - and in fact the page says just
>> that.
>
> Suite B is specified for 128 and 192 bit security levels, with the 192
> bit level using ECC-384, SHA-384, and AES-256. So it seems like if
> there is a hint to be drawn from the Suite B params, it's about
> AES-192.
>

The real issue is that the P-521 curve has IP against it, so if you want to use freely usable curves, you're stuck with P-256 and P-384 until some more patents expire. That's more of it than 192 bit security. We can hold our noses and use P-384 and AES-256 for a while.

Jon

_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
