At Wednesday, October 16, 2002 7:17 PM, David E. Weekly <[EMAIL PROTECTED]> was seen to say:

> As for PKI being secure for 20,000 years, it sure as hell won't be if
> those million-qubit prototypes turn out to be worth their salt.

I wasn't aware they even had a dozen-qubit prototype functional yet - but even so - assuming that each qubit is actually an independent complete machine (it isn't - you need to build a machine bigger than one bit) and you had a million-unit module built - this would be equivalent to building one million (2^20, I'll be generous and give you the extra few thousand) machines each able to cross-check their results instantly (so identify if one of the million has a correct answer). This will mean you can brute force a key as though it were 20 bits shorter in key length. Even assuming you can use the usual comparison (3Kbit RSA = 128 bit symmetric) this leaves you the equivalent of a 108 bit key to break - and even assuming a quantum virtual machine ran as fast as a real world one, that would take a while. Of course, if you have a machine that will break a 108 bit key in under a hundred years, I am sure the NSA would like to make you an offer......
I can't remember the last time I used an asymmetric key as small as 3Kbits. My current key is 4K and has been for some years, and my next will probably be 6K just to be sure.
