[145941] in cryptography@c2.net mail archive
Re: 2048 bits, damn the electrons! [rt@openssl.org: [openssl.org
daemon@ATHENA.MIT.EDU (James Muir)
Thu Sep 30 20:54:46 2010
Date: Thu, 30 Sep 2010 19:59:21 -0400
From: James Muir <muir.james.a@gmail.com>
To: cryptography@metzdowd.com
In-Reply-To: <20100930154118.GA23692@panix.com>
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigCDDF106CAC50888B1998C31A
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 10-09-30 11:41 AM, Thor Lancelot Simon wrote:
> On Wed, Sep 29, 2010 at 09:22:38PM -0700, Chris Palmer wrote:
>> Thor Lancelot Simon writes:
>>
>>> a significant net loss of security, since the huge increase in comput=
ation
>>> required will delay or prevent the deployment of "SSL everywhere".
>>
>> That would only happen if we (as security experts) allowed web develop=
ers to
>> believe that the speed of RSA is the limiting factor for web applicati=
on
>> performance.
>=20
> At 1024 bits, it is not. But you are looking at a factor of *9* increa=
se
> in computational cost when you go immediately to 2048 bits. At that po=
int,
> the bottleneck for many applications shifts, particularly those which a=
re
> served by offload engines specifically to move the bottleneck so it's n=
ot
> RSA in the first place.
It sounds like a good time to switch to 224-bit ECC. You could even use
256-bit ECC, which is comparable to 3072-bit RSA (according to the table
on page 5 of the SEC 2 document).
-James
--------------enigCDDF106CAC50888B1998C31A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkylJGIACgkQ4Arkm0Hw/FLBrgCcDyXA5JlqpTqZUvloCK2BngIP
0UIAnAv2H+a2rW0NYhduiSJTodHjRmVs
=8jRo
-----END PGP SIGNATURE-----
--------------enigCDDF106CAC50888B1998C31A--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
