Hi Jakob,

> Are you sure about those numbers?

Yes. See SP800-57 [1].

> I know that proponents of ECC cryptography have been roundly
> criticized for putting forward those specific numbers and for
> talking NIST into repeating them in their official publications.

Many of the folks I work with want the FIPS conformance - especially for the sales literature. There's no way I can sidestep it, regardless of how RSA Data Security feels about it.

> proponents of the RSA and DH algorithms said that the
> number was wildly exaggerated and proposed some much
> smaller values.

I'm not willing to go out on a limb and recommend a smaller modulus (what is RSA recommending, BTW?). I look at it this way: When DSS was proposed, RSA Data Security lobbied hard to get an RSA Signature included. They can't win them all....

Jeff

[1] SP800-57, p63 (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf)

On Mon, Jul 12, 2010 at 10:16 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 10-07-2010 20:13, Jeffrey Walton wrote:
>>>
>>> The general approach is to encrypt data using a symmetric cipher (e.g.,
>>> AES-256) with a randomly-generated key, and then encrypt that symmetric
>>> key
>>> with the RSA (public) key.
>>
>> AES-256 requires an RSA modulus with an equivalent strength, which is
>> 15360 (IIRC). If you choose RSA-1024 or RSA-2048, you are off by
>> orders of magnitude.
>>
>
> Are you sure about those numbers? I know that proponents of ECC
> cryptography have been roundly criticized for putting forward those
> specific numbers and for talking NIST into repeating them in their
> official publications.
>
> When the 15360 bit number was put forward as the RSA and DH key length
> needed to match the strength of 256 bit ECC keys, proponents of the RSA
> and DH algorithms said that the number was wildly exaggerated and
> proposed some much smaller values. I don't know if the general crypto
> research community has since formed a consensus on what the real
> numbers are.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
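
An added example, not part of the thread or of OpenSSL: a sketch of how the hybrid scheme discussed above (a random AES key wrapped with RSA) is limited by its weaker half. It estimates RSA strength with the general number field sieve (GNFS) running-time heuristic; the constants 1.923 and 4.69 and all function names are assumptions of this example, and the output is an estimate, not a figure taken from SP800-57.

```python
import math

def gnfs_bits(modulus_bits: int) -> float:
    """Heuristic work factor, in bits, to factor an RSA modulus with GNFS.

    Uses exp(1.923 * (ln N)^(1/3) * (ln ln N)^(2/3)) with a -4.69 offset,
    constants assumed for this example.
    """
    ln_n = modulus_bits * math.log(2)          # ln(N) for an L-bit modulus
    work = 1.923 * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - 4.69
    return work / math.log(2)                  # convert nats to bits

def hybrid_strength(sym_key_bits: int, rsa_modulus_bits: int) -> float:
    """Effective strength of 'symmetric key wrapped with RSA': the weaker link."""
    return min(float(sym_key_bits), gnfs_bits(rsa_modulus_bits))

def min_modulus_for(target_bits: int, step: int = 256) -> int:
    """Smallest modulus size (multiple of `step`) whose estimate meets the target."""
    bits = step
    while gnfs_bits(bits) < target_bits:
        bits += step
    return bits

def report(sym_key_bits: int, sizes=(1024, 2048, 3072, 7680, 15360)):
    """Rows of (modulus bits, RSA estimate, effective strength, limiting part)."""
    rows = []
    for size in sizes:
        rsa = gnfs_bits(size)
        eff = hybrid_strength(sym_key_bits, size)
        limiting = "RSA" if rsa < sym_key_bits else "symmetric"
        rows.append((size, round(rsa, 1), round(eff, 1), limiting))
    return rows

if __name__ == "__main__":
    print("AES-256 key wrapped with RSA-n (heuristic estimate):")
    for size, rsa, eff, limiting in report(256):
        print(f"  RSA-{size:<6} rsa~{rsa:6.1f} bits  effective~{eff:6.1f}  limit: {limiting}")
    print("smallest modulus estimated >= 256 bits:", min_modulus_for(256))
```

Under this heuristic the RSA wrap is the limiting part for every modulus in the list below 15360 bits, which is the gap the thread is arguing about.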