On 2010-07-11 10:11 AM, Brandon Enright wrote:
On Fri, 9 Jul 2010 21:16:30 -0400 (EDT) Jonathan
Thornburgjth...@astro.indiana.edu wrote:
The following usenet posting from 1993 provides an
interesting bit (no pun itended) of history on RSA key
sizes. The key passage is the last paragraph,
Dan:
You didn't mention the option of switching to elliptic curves. A
256-bit elliptic curve is probably stronger than 2048-bit RSA [1]
while also being more efficient in every way except for CPU cost for
verifying signatures or encrypting [2].
I like the Brainpool curves which comes with a
On 11-07-2010 01:11, Brandon Enright wrote:
On Fri, 9 Jul 2010 21:16:30 -0400 (EDT)
Jonathan Thornburg jth...@astro.indiana.edu wrote:
The following usenet posting from 1993 provides an interesting bit
(no pun itended) of history on RSA key sizes. The key passage is the
last paragraph,
On Fri, 9 Jul 2010 21:16:30 -0400 (EDT)
Jonathan Thornburg jth...@astro.indiana.edu wrote:
The following usenet posting from 1993 provides an interesting bit
(no pun itended) of history on RSA key sizes. The key passage is the
last paragraph, asserting that 1024-bit keys should be ok (safe
All,
I've got a perfect vs. good question.
NIST is pushing RSA-2048. And I think we all agree that's probably a
good thing.
However, performance on RSA-2048 is too low for a number of real world
uses.
Assuming RSA-2048 is unavailable, is it worth taking the intermediate
step of
On Thu, 1 Jul 2010 06:46:30 +0200
Dan Kaminsky d...@doxpara.com wrote:
All,
I've got a perfect vs. good question.
NIST is pushing RSA-2048. And I think we all agree that's
probably a good thing.
However, performance on RSA-2048 is too low for a number of real
world uses.
Dan,
I looked at the GNFS runtime and plugged a few numbers in. It seems
RSA Security is using a more conservative constant of about 1.8 rather
than the suggested 1.92299...
See:
http://mathworld.wolfram.com/NumberFieldSieve.html
So using 1.8, a 1024 bit RSA key is roughly equivalent to
The following usenet posting from 1993 provides an interesting bit
(no pun itended) of history on RSA key sizes. The key passage is the
last paragraph, asserting that 1024-bit keys should be ok (safe from
key-factoring attacks) for a few decades. We're currently just
under 1.75 decades on from