Thu Nov 10 09:51:52 CET 2005
"As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent
in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit
symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. RSA
claims that 1024-bit keys are sufficient until 2010 and that 2048-bit
keys are sufficient until 2030. An RSA key length of 3072 bits should
be used if security is required beyond 2030. NIST key management
guidelines further suggest that 15360-bit RSA keys are equivalent in
strength to 256-bit symmetric keys."
That certainly suggests that the increase in difficulty as keylength
increases isn't nearly as steep as for a symmetric cipher.
So how is RSA keylength related to difficulty in breaking?
On 12/22/05, Atom Smasher <atom at smasher.org> wrote:
> On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote:
> > From the security standpoint, more bits do not buy you more security.
> > Having 16k key or 2k key will buy you about the same security. It is
> > not all in the key length. My opinion is, just use 2k key. It will
> > serve you well. I generated one 4k key some time ago, and have almost
> > never used it. Looking back, that was really pointless thing to do.
> to paraphrase bruce schneier: what's more secure? a fence that's a
> thousand feet tall or a fence that's ten thousand feet tall?
> that said, computers keep getting faster and attacks keep getting better.
> back in the early days of PGP(tm) a 1024 bit key would have been
> considered bigger than you'd ever need. history has shown that 1024 bit
> keys are now generally considered the smallest key you'd want to use, and
> may not be "safe" over the course of the next 10-20 years.
> the thing to bear in mind, though, is that a 2048 bit key isn't *just*
> twice as strong as a 1024 bit key... (according to my math, please correct
> me if i'm wrong) it's this many times stronger:
> a 1025 bit key (if there was such a thing) would be [merely] twice as
> strong as a 1024 bit key. a 1028 bit key would be 16 times stronger.
> compared to a 1024 bit key, a 4096 bit key is stronger by a number that's
> represented by (about) 4624 decimal digits. since no one has publicly
> broken a 1K key i feel pretty safe using 2K keys for everyday stuff.
> also, anyone considering huge keys should read this section from the
> diceware FAQ - <http://world.std.com/~reinhold/dicewarefaq.html#128-bit>
> and remember that breaking a key is the hardest way to "break" pgp...
> there are a lot of easier methods, such as key-loggers and spy-cameras.
> PGP key - http://atom.smasher.org/pgp.txt
> 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
> "What sane person could live in this world and not be crazy?"
> -- Ursula K. LeGuin
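The scaling asked about at the top of this message, as an added example that is not part of the original thread: the best known classical attack on an RSA modulus is factoring with the general number field sieve (GNFS), whose heuristic cost grows sub-exponentially in the key length. The sketch below evaluates that cost for the key sizes quoted above; the calibration offset (anchoring 1024-bit RSA at 80 bits) and all function names are assumptions made for illustration.

```python
import math

# Constant of the GNFS heuristic running time
# L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), with c = (64/9)^(1/3).
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits):
    """log2 of the GNFS heuristic cost for a modulus of this size, o(1) term dropped."""
    ln_n = modulus_bits * math.log(2)
    exponent = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


# Assumption: the dropped o(1) term is treated as a constant offset, fixed by
# anchoring 1024-bit RSA at the 80-bit figure quoted in the post.
CALIBRATION = gnfs_work_bits(1024) - 80


def symmetric_equivalent(modulus_bits):
    """Calibrated estimate of the symmetric key size with comparable attack cost."""
    return gnfs_work_bits(modulus_bits) - CALIBRATION


def relative_work_bits(small_bits, large_bits):
    """log2 of how many times more GNFS work the larger modulus needs."""
    return gnfs_work_bits(large_bits) - gnfs_work_bits(small_bits)


def modulus_bits_for(symmetric_bits, lo=512, hi=65536):
    """Smallest modulus size whose calibrated estimate reaches the target (bisection)."""
    while lo < hi:
        mid = (lo + hi) // 2
        if symmetric_equivalent(mid) >= symmetric_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for size, quoted in [(1024, 80), (2048, 112), (3072, 128), (15360, 256)]:
        est = symmetric_equivalent(size)
        print(f"{size:>6}-bit RSA: estimate {est:6.1f} bits, quoted {quoted}")
    print(f"2048 vs 1024: about 2^{relative_work_bits(1024, 2048):.0f} times the work")
    print(f"4096 vs 1024: about 2^{relative_work_bits(1024, 4096):.0f} times the work")
    print(f"128-bit equivalent needs about {modulus_bits_for(128)} bits")
```

The estimates land within a few bits of the quoted equivalences, and each doubling of the modulus adds tens of bits of work rather than doubling the exponent, which is why the quoted table climbs so slowly compared with symmetric key sizes.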