[147115] in cryptography@c2.net mail archive
Re: [Cryptography] RSA equivalent key length/strength
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sat Sep 14 12:14:18 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 14 Sep 2013 12:14:11 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Peter Fairbrother <zenadsl6186@zen.co.uk>
In-Reply-To: <52348682.40707@zen.co.uk>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Sat, 14 Sep 2013 16:53:38 +0100 Peter Fairbrother
<zenadsl6186@zen.co.uk> wrote:
> NIST also give the "traditional" recommendations, 80 -> 1024 and 112
> -> 2048, plus 128 -> 3072, 192 -> 7680, 256 -> 15360.
[...]
> But, I wonder, where do these longer equivalent figures come from?
>
> I don't know, I'm just asking - and I chose Wikipedia because that's
> the general "wisdom".
[...]
> [ Personally, I recommend 1,536 bit RSA keys and DH primes for
> security to 2030, 2,048 if 1,536 is unavailable, 4,096 bits if
> paranoid/high value; and not using RSA at all for longer term
> security. I don't know whether someone will build that sort of
> quantum computer one day, but they might. ]
On what basis do you select your numbers? Have you done
calculations on the time it takes to factor numbers using modern
algorithms to produce them?
Perry
--
Perry E. Metzger perry@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
