No subject


Thu Nov 10 09:51:52 CET 2005


"As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent
in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit
symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. RSA
claims that 1024-bit keys are sufficient until 2010 and that 2048-bit
keys are sufficient until 2030. An RSA key length of 3072 bits should
be used if security is required beyond 2030. NIST key management
guidelines further suggest that 15360-bit RSA keys are equivalent in
strength to 256-bit symmetric keys."

That certainly suggests that the increase in difficulty as keylength
increases isn't nearly as steep as for a symmetric cipher.

*Stops conjecture*


So how is RSA keylength related to difficulty in breaking?


On 12/22/05, Atom Smasher <atom at smasher.org> wrote:
> On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote:
>
> > From the security standpoint, more bits do not buy you more security.
> > Having 16k key or 2k key will buy you about the same security.  It is
> > not all in the key length.  My opinion is, just use 2k key.  It will
> > serve you well.  I generated one 4k key some time ago, and have almost
> > never used it.  Looking back, that was really pointless thing to do.
> ======================
>
> to paraphrase bruce schneier: what's more secure? a fence that's a
> thousand feet tall or a fence that's ten thousand feet tall?
>
> that said, computers keep getting faster and attacks keep getting better.
> back in the early days of PGP(tm) a 1024 bit key would have been
> considered bigger than you'd ever need. history has shown that 1024 bit
> keys are now generally considered the smallest key you'd want to use, and
> may not be "safe" over the course of the next 10-20 years.
>
> the thing to bear in mind, though, is that a 2048 bit key isn't *just*
> twice as strong as a 1024 bit key... (according to my math, please correct
> me if i'm wrong) it's this many times stronger:
>
> 17976931348623159077293051907890247336179769789423065727343008115773\
> 26758055009631327084773224075360211201138798713933576587897688144166\
> 22492847430639474124377767893424865485276302219601246094119453082952\
> 08500576883815068234246288147391311054082723716335051068458629823994\
> 7245938479716304835356329624224137216
>
> a 1025 bit key (if there was such a thing) would be [merely] twice as
> strong as a 1024 bit key. a 1028 bit key would be 16 times stronger.
> compared to a 1024 bit key, a 4096 bit key is stronger by a number that's
> represented by (about) 4624 decimal digits. since no one has publicly
> broken a 1K key i feel pretty safe using 2K keys for everyday stuff.
>
> also, anyone considering huge keys should read this section from the
> diceware FAQ - <http://world.std.com/~reinhold/dicewarefaq.html#128-bit>
> and remember that breaking a key is the hardest way to "break" pgp...
> there are a lot of easier methods, such as key-loggers and spy-cameras.
>
>
> --
>          ...atom
>
>   _________________________________________
>   PGP key - http://atom.smasher.org/pgp.txt
>   762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
>   -------------------------------------------------
>
>         "What sane person could live in this world and not be crazy?"
>                 -- Ursula K. LeGuin
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
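
Added example, not part of the original messages or of GnuPG: one common way to approach the question asked above is the heuristic running time of the general number field sieve, the fastest publicly known method for factoring large RSA moduli. The sketch drops the o(1) term and, as an assumption, anchors the scale so that a 1024-bit modulus equals the quoted 80 bits, then sets the result beside the figures quoted at the top of the message.

```python
import math

# Figures from the passage quoted in the message (RSA modulus bits -> symmetric bits).
QUOTED_EQUIVALENTS = {1024: 80, 2048: 112, 3072: 128, 15360: 256}

# Constant of the GNFS heuristic L_n[1/3, (64/9)^(1/3)].
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) for n close to 2^modulus_bits.

    The o(1) term of the asymptotic formula is dropped (assumption), so the
    absolute value is only a rough guide; the growth rate is the point.
    """
    ln_n = modulus_bits * math.log(2)
    work_ln = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)


def calibrated_bits(modulus_bits: int, anchor_bits: int = 1024,
                    anchor_strength: int = 80) -> float:
    """Shift the raw estimate so the anchor size maps to the quoted strength.

    The constant offset stands in for the dropped o(1) term and for the
    difference in cost units (assumption, not a published calibration).
    """
    return (gnfs_work_bits(modulus_bits) - gnfs_work_bits(anchor_bits)
            + anchor_strength)


def comparison_table():
    """Rows of (modulus bits, quoted bits, raw GNFS bits, calibrated bits)."""
    return [
        (size, quoted, round(gnfs_work_bits(size), 1),
         round(calibrated_bits(size), 1))
        for size, quoted in QUOTED_EQUIVALENTS.items()
    ]


if __name__ == "__main__":
    print(f"{'RSA bits':>9} {'quoted':>7} {'GNFS raw':>9} {'calibrated':>11}")
    for size, quoted, raw, cal in comparison_table():
        print(f"{size:>9} {quoted:>7} {raw:>9} {cal:>11}")
    gain = gnfs_work_bits(2048) - gnfs_work_bits(1024)
    print(f"1024 -> 2048 bits adds about {gain:.1f} bits of estimated work")
```

Under this model the estimated work grows sub-exponentially in the modulus length, which is why each quoted step in symmetric strength needs a much larger step in RSA key size.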


