> proposal, I guess, by having documents signed with Ed25519 and > RSA1024... but one of the signatures is much better than the other: > 255-bit ECC groups will be secure long after RSA1024 has fallen.
I think the reference I saw was referring not to extended effective key length [1] but to offset algorithms [2], in case some maths pop up from the hole and say look what we just broke. Yes, both are sortof happening above. I doubt Tor would be the first realtime target upon that news anyway and would be written around in a flag week. Stored traffic later might. O well. [1] eg: 256 ecc ~= 3k rsa afaik [2] As in the md5/sha1 to n (below) to sha3 situation. And maybe some creeping closer for rsa now too. > (I'm also a little surprised that nobody has said we should be using > Keccak or Blake2 in place of SHA256/SHA512 here. ;) ) _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
