On Wed, 15 Aug 2007 08:29:05 EDT, Marc Evans said:
> I have been reading more and more lately about current PKI techniques
> nearing their end of life, and that elliptic-curve cryptography (ECC) is a
> likely replacement. Here is one such article on the topic:
>
> http://www.gcn.com/print/26_20/44801-1.html
>
> That said, I am not finding much in the area of public implementations and
> scrutiny. Can anyone shed any light on the subject?

Well, the MD5 hash is well into "stick a fork in it, it's done" status, and people should be migrating to SHA-n based code. The biggest problem with RSA is that we'll probably have to move from 1K-bit keys to 2K-bit keys sometime in the next decade.

Elliptic curves are an interesting replacement mostly in some niches, most notably for smart cards or other places where power and/or computrons are a scarce resource. On laptops and higher, it doesn't buy you any additional security - the only reason to move in *that* direction is if your organization is deploying something to secure both smart-card class and laptop-class devices with one system.

Phrased differently: The smart card can't handle RSA with 2048 bit keys, but *can* do an ECC with 256 bit keys, so we'll do it that way across the board.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
