Well, I don't think the difficulty of breaking a asymmetrical key doubles per bit like it does for symmetical keys.
>From wikipedia: "As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. RSA claims that 1024-bit keys are sufficient until 2010 and that 2048-bit keys are sufficient until 2030. An RSA key length of 3072 bits should be used if security is required beyond 2030. NIST key management guidelines further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys." That certainly suggests that the increase in difficulty as keylength increases isn't nearly as steep as for a symmetric cipher. *Stops conjecture* So how is RSA keylength related to difficulty in breaking? On 12/22/05, Atom Smasher <[EMAIL PROTECTED]> wrote: > On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote: > > > From the security standpoint, more bits do not buy you more security. > > Having 16k key or 2k key will buy you about the same security. It is > > not all in the key lenght. My opinion is, just use 2k key. It will > > serve you well. I generated one 4k key some time ago, and have almost > > never used it. Looking back, that was really pointless thing to do. > ====================== > > to paraphrase bruce schneier: what's more secure? a fence that's a > thousand feet tall or a fence that's ten thousand feet tall? > > that said, computers keep getting faster and attacks keep getting better. > back in the early days of PGP(tm) a 1024 bit key would have been > considered bigger than you'd ever need. history has shown that 1024 bit > keys are now generally considered the smallest key you'd want to use, and > may not be "safe" over the course of the next 10-20 years. > > the thing to bear in mind, though, is that a 2048 bit key isn't *just* > twice as strong as a 1024 bit key... (according to my math, please correct > me if i'm wrong) it's this many times stronger: > > 17976931348623159077293051907890247336179769789423065727343008115773\ > 26758055009631327084773224075360211201138798713933576587897688144166\ > 22492847430639474124377767893424865485276302219601246094119453082952\ > 08500576883815068234246288147391311054082723716335051068458629823994\ > 7245938479716304835356329624224137216 > > a 1025 bit key (if there was such a thing) would be [merely] twice as > strong as a 1024 bit key. a 1028 bit key would be 16 times stronger. > compared to a 1024 bit key, a 4096 bit key is stronger by a number that's > represented by (about) 4624 decimal digits. since no one has publicly > broken a 1K key i feel pretty safe using 2K keys for everyday stuff. > > also, anyone considering huge keys should read this section from the > diceware FAQ - <http://world.std.com/~reinhold/dicewarefaq.html#128-bit> > and remember that breaking a key is the hardest way to "break" pgp... > there are a lot of easier methods, such as key-loggers and spy-cameras. > > > -- > ...atom > > _________________________________________ > PGP key - http://atom.smasher.org/pgp.txt > 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 > ------------------------------------------------- > > "What sane person could live in this world and not be crazy?" > -- Ursula K. LeGuin > > > > _______________________________________________ > Gnupg-users mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnupg-users > _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
