On 2010-07-11 10:11 AM, Brandon Enright wrote:
> On Fri, 9 Jul 2010 21:16:30 -0400 (EDT) Jonathan
> Thornburg wrote:
>
>> The following usenet posting from 1993 provides an
>> interesting bit (no pun itended) of history on RSA key
>> sizes. The key passage is the last paragraph, asserting
>> tha
On 11-07-2010 01:11, Brandon Enright wrote:
> On Fri, 9 Jul 2010 21:16:30 -0400 (EDT)
> Jonathan Thornburg wrote:
>
>> The following usenet posting from 1993 provides an interesting bit
>> (no pun itended) of history on RSA key sizes. The key passage is the
>> last paragraph, asserting that 1024
Dan:
You didn't mention the option of switching to elliptic curves. A
256-bit elliptic curve is probably stronger than 2048-bit RSA [1]
while also being more efficient in every way except for CPU cost for
verifying signatures or encrypting [2].
I like the Brainpool curves which comes with a bette
On Fri, 9 Jul 2010 21:16:30 -0400 (EDT)
Jonathan Thornburg wrote:
> The following usenet posting from 1993 provides an interesting bit
> (no pun itended) of history on RSA key sizes. The key passage is the
> last paragraph, asserting that 1024-bit keys should be ok (safe from
> key-factoring att
The following usenet posting from 1993 provides an interesting bit
(no pun itended) of history on RSA key sizes. The key passage is the
last paragraph, asserting that 1024-bit keys should be ok (safe from
key-factoring attacks) for "a few decades". We're currently just
under 1.75 decades on from
Dan,
>
> I looked at the GNFS runtime and plugged a few numbers in. It seems
> RSA Security is using a more conservative constant of about 1.8 rather
> than the suggested 1.92299...
>
> See:
> http://mathworld.wolfram.com/NumberFieldSieve.html
>
> So using 1.8, a 1024 bit RSA key is roughly equiva
On Thu, 1 Jul 2010 06:46:30 +0200
Dan Kaminsky wrote:
> All,
>
>I've got a "perfect vs. good" question.
>
>NIST is pushing RSA-2048. And I think we all agree that's
> probably a good thing.
>
>However, performance on RSA-2048 is too low for a number of real
> world uses.
>
>A
All,
I've got a "perfect vs. good" question.
NIST is pushing RSA-2048. And I think we all agree that's probably a
good thing.
However, performance on RSA-2048 is too low for a number of real world
uses.
Assuming RSA-2048 is unavailable, is it worth taking the intermediate
step of u