Beyond Curve25519
Robert J. Hansen
rjh at sixdemonbag.org
Fri Jan 16 18:24:25 CET 2015

> Funny... people told that as well with RSA key sizes which are
> nowadays no longer considered enough... o.O

Back in the early 1990s, a 1024-bit RSA key was believed to be unassailable.
A 1024-bit key is still today considered unassailable... it just doesn't
have anywhere near the security margin that we want. We advise at least
2048-bit keys to give us a comfortable margin, not because we believe
people are breaking 1024-bit keys.

To give an idea: for distributed.net to exhaust a 64-shannon keyspace
took them about five years. They're currently working on exhausting a
72-shannon keyspace, which they project will take about 200 years.
Exhausting an 80-shannon keyspace (about the same as a 1024-bit RSA key)
would take about 5,000 years at that pace, or one year and 5,000 times
the resources of distributed.net.

1024-bit crypto is still strong today. It's just not as strong as we'd
like and we can do better with few side effects, so let's do better. :)

> It's really disturbing to read such statements (i.e. "xxx bit
> security level will be secure forever - except for quantum
> computers)... it seems as nothing would have been learned from the
> past :-/

No one will ever exhaust a 128-shannon keyspace until we have
large-scale quantum computers and a few decades in which to operate.

No one will ever exhaust a 256-shannon keyspace. Ever.