On Sat, 14 Sep 2013 09:31:22 -0700 Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> Also see RFC 3766 from almost a decade ago; it has stood up fairly
> well.

For those not aware, the document, by Paul and Hilarie Orman, discusses
equivalent key strengths and practical brute force methods, giving
extensive detail on how all calculations were done.

A URL for the lazy:

http://tools.ietf.org/html/rfc3766

It is very well done. I'd like to see an update done but it does feel
like the methodology was well laid out and is difficult to argue with
in general. The detailed numbers are slightly different from others
out there, but not so much as to change the general recommendations
that have been floating around.

Their table, from April 2004, looked like this:

+-------------+-----------+--------------+--------------+
| System      |           |              |              |
| requirement | Symmetric | RSA or DH    | DSA subgroup |
| for attack  | key size  | modulus size | size         |
| resistance  | (bits)    | (bits)       | (bits)       |
| (bits)      |           |              |              |
+-------------+-----------+--------------+--------------+
|     70      |     70    |      947     |     129      |
|     80      |     80    |     1228     |     148      |
|     90      |     90    |     1553     |     167      |
|    100      |    100    |     1926     |     186      |
|    150      |    150    |     4575     |     284      |
|    200      |    200    |     8719     |     383      |
|    250      |    250    |    14596     |     482      |
+-------------+-----------+--------------+--------------+

They had some caveats, such as the statement that if TWIRL-like
machines appear, we could presume an 11-bit reduction in strength --
see the RFC itself for details.

Perry
-- 
Perry E. Metzger		pe...@piermont.com