From: Andrew Haley on 8 Sep 2009 13:06

Tom St Denis <tom(a)iahu.ca> wrote:
> On Sep 7, 12:39 pm, Andrew Haley <andre...(a)littlepinkcloud.invalid>
> wrote:
> > In 1991, [1] said
> >
> > "For most applications a modulus size of 1024 bits should achieve a
> > sufficient level of security for "tactical" secrets for the next ten
> > years. This is for long term secrecy purposes; for short term
> > authenticity purposes 512 bits might suffice in this century."
> >
> > Andrew.
> >
> > [1] Th. Beth, M. Frisch and G. Simmons, Public Key Cryptography: State
> > of the Art and Future Directions, LNCS 578, Springer-Verlag, 1992

> From what I see the 512-bit factorization occurred around 2000. So
> that statement is fairly dead on. Even in the mid 90s when I was
> getting into cryptography it was fairly commonplace to be using AT
> LEAST 768-bit RSA keys. From what I understand, the QS and MPQS were
> the systems used originally, so any time estimates were likely based
> on those. A quick google suggests that the GNFS came around out of
> the SNFS in the early 90s.

They caught that too:

"It is not unlikely that [NFS] is better than the ppmpqs for factoring
numbers in the 512 bit range."

> Probably after that paper was written, so all in all, the estimates
> were scientific.

It's a fascinating read. Not only do they attempt to estimate
hardware improvement, they also think about future progress in
algorithms.

It's interesting to note that no-one at the time was prepared to push
out estimates beyond a decade. As for today, some people have been
saying we might have useful quantum computers in a couple of decades,
whereupon all bets are off anyway.

Andrew.

From: pubkeybreaker on 8 Sep 2009 14:03
On Sep 8, 1:06 pm, Andrew Haley <andre...(a)littlepinkcloud.invalid>
wrote:
> Tom St Denis <t...(a)iahu.ca> wrote:

<snip>

> > > [1] Th. Beth, M. Frisch and G. Simmons, Public Key Cryptography: State
> > > of the Art and Future Directions, LNCS 578, Springer-Verlag, 1992

> It's a fascinating read. Not only do they attempt to estimate
> hardware improvement, they also think about future progress in
> algorithms.
>
> It's interesting to note that no-one at the time was prepared to push
> out estimates beyond a decade.

You might want to check who was on the technical committee that made
the recommendations.......