On 14-07-2010 07:52, Jeffrey Walton wrote:
On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
On 13-07-2010 15:00, Jeffrey Walton wrote:

[SNIP]

proponents of the RSA and DH algorithms said that the
number was wildly exaggerated and proposed some much
smaller values.

I'm not willing to go out on a limb and recommend smaller moduli (what
is RSA recommending, BTW?). I look at it this way: When DSS was
proposed, RSA Data Securities lobbied hard to get an RSA Signature
included. They can't win them all....


Yes, that mostly dead company lost the political lobbying battle against
Certicom, but I was asking about science, not politics.

http://scholar.google.com/scholar?hl=en&q=integer+factorization+estimate&as_sdt=20000000&as_ylo=2008&as_vis=0

After looking at some of the rather mixed bag of documents from that
search, I was able to spot only the following factoid, which I post here
for the benefit of the rest of the list (and I hope this one is right).

  The needed size of RSA moduli increases approximately with the cube
  of the equivalent symmetric key size, thus if 128 bit AES corresponds
  to L bit RSA, 256 bit AES should correspond to 8L bit RSA.

I did not spot an article that seemed to give estimates for the
actual RSA key lengths corresponding to modern symmetric key lengths.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
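
Added example, not part of the original message or the OpenSSL project: a Python calculation using the heuristic general number field sieve (GNFS) running-time estimate, whose (ln n)^(1/3) term is where cube-style scaling comes from, to map RSA modulus sizes to symmetric-equivalent strengths and back. The function names are hypothetical and the 4.69 calibration offset is an assumption taken from the strength formula in NIST's FIPS 140-2 Implementation Guidance; the outputs are rough estimates, not a standard's recommended key sizes.

```python
import math

# Constructed example. Heuristic GNFS cost for factoring n:
#   exp(C * (ln n)^(1/3) * (ln ln n)^(2/3)),  C = (64/9)^(1/3) ~ 1.923
C = (64 / 9) ** (1 / 3)
# Assumption: calibration offset from the NIST FIPS 140-2 Implementation
# Guidance strength formula; it shifts every estimate by about 6.8 bits.
OFFSET = 4.69


def gnfs_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus, in bits."""
    ln_n = modulus_bits * math.log(2)
    work = C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) - OFFSET
    return work / math.log(2)


def modulus_bits_for(strength_bits: float) -> int:
    """Smallest modulus size (>= 512 bits) whose estimate reaches the target."""
    lo, hi = 512, 1 << 20
    if gnfs_strength_bits(hi) < strength_bits:
        raise ValueError("target strength outside search range")
    while lo < hi:  # binary search; the estimate is monotone in size
        mid = (lo + hi) // 2
        if gnfs_strength_bits(mid) >= strength_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def scaling_ratio(small: float, large: float) -> float:
    """Modulus growth factor when going from small to large strength."""
    return modulus_bits_for(large) / modulus_bits_for(small)


if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 7680, 15360):
        print(f"RSA-{bits}: ~{gnfs_strength_bits(bits):.1f} bits")
    for sym in (80, 112, 128, 192, 256):
        print(f"{sym}-bit symmetric: ~{modulus_bits_for(sym)}-bit modulus")
    print(f"128 -> 256 modulus ratio: {scaling_ratio(128, 256):.2f}")
    # A pure cube law (strength proportional to size^(1/3)) would give 8.0;
    # the (ln ln n)^(2/3) factor is what changes the ratio here.
```
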
