Long Key Performance
Enzo Michelangeli
em at who.net
Sun Apr 21 13:36:02 CEST 2002
----- Original Message -----
From: "Justin Troutman" <justinrt at bellsouth.net>
To: <gnupg-devel at gnupg.org>
Sent: Sunday, 21 April, 2002 11:53 AM
Subject: Re: Long Key Performance
[...]
> > Current estimates seems to assume that 256-bit ciphers like Rijndael-256
> are
> > as hard to break as 16Kbit RSA or DH keys (and about 512-bit ECC keys);
>
> With rising in key sizes among symmetrical and asymmetrical, it's not
> accurate to assume that you'd need a 16kbit RSA/DH key to correspond to a
> 256-bit Rijndael key. The attack schemes and security levels on these two
> different systems
> are quite different in that comparing them is somewhat irrelevant after a
> certain point.
NIST, in the document
http://csrc.nist.gov/encryption/dss/ecdsa/NISTReCur.pdf , explicitly
suggests that for ECC keys one should use a number of bits roughly double
than the symmetric cipher's keysize; and Certicom in 1999 (see e.g.
http://www.scramdisk.clara.net/pgpfaq.html#SubElliptic ) published the
following table of comparison:
Block Cipher Keylength RSA Key Length EC Key Length
80 1024 160
112 2048 224
128 3072 256
192 7680 384
256 15360 512
Enzo
P.S.: For Anonymous: I can't reply to your private mail unless you let me
have either an e-mail address or a nym, and your PGP key.
More information about the Gnupg-devel
mailing list