On Sat, 14 Sep 2013 16:53:38 +0100 Peter Fairbrother <zenadsl6...@zen.co.uk> wrote: > NIST also give the "traditional" recommendations, 80 -> 1024 and 112 > -> 2048, plus 128 -> 3072, 192 -> 7680, 256 -> 15360. [...] > But, I wonder, where do these longer equivalent figures come from? > > I don't know, I'm just asking - and I chose Wikipedia because that's > the general "wisdom". [...] > [ Personally, I recommend 1,536 bit RSA keys and DH primes for > security to 2030, 2,048 if 1,536 is unavailable, 4,096 bits if > paranoid/high value; and not using RSA at all for longer term > security. I don't know whether someone will build that sort of > quantum computer one day, but they might. ]
On what basis do you select your numbers? Have you done calculations on the time it takes to factor numbers using modern algorithms to produce them? Perry -- Perry E. Metzger pe...@piermont.com _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography