RSA 1024 ridiculous
v.simon at ieee.org
Mon Jun 18 23:07:09 CEST 2007
Atom Smasher un jour écrivit:
> On Sun, 17 Jun 2007, Remco Post wrote:
>> Does gnupg support elliptic curve crypto? ;-)
> if you're paranoid about RSA, then there's no reason to go to ECC since
> the math behind it is still young and uncertain.
The algorithm is publicly known since over 20 years, so It start to be
not that young anymore. As an argument, ECDSA is one of the recommended
algorithm by NIST and approved in FIPS 186-2.
It is also known that the NSA, the government of Canada and probably
many other countries use ECC to protect at least some of their sensitive
information. It seems that ECDSA is also already used by at least some
banks, but I don't know well enough to be sure.
Here another argument to support ECC trustiness:
"NSA has determined that beyond the 1024-bit public key cryptography in
common use today, rather than increase key sizes beyond 1024-bits, a
switch to elliptic curve technology is warranted."
Note that NSA also ask that current electronic signatures be strong
enough to last at least 50 years, which is something certainly not OT on
That said, 2 years ago I was looking at ECC, and then found out that
there is apparently hundreds of patents in USA, not directly on ECC, but
on different optimisation, family of curves with special properties, small
variations with ECC, an unknown number of undisclosed submarine patents
and so on. That alone is enough to discourage ECC in free software for
years (and in closed source software where companies are afraid of being
Another point, and not the least, is that implementing ECC properly is
very difficult and error prone. That said, here OSS probably have an
advantage as scholars will tend to study implementations for which they
have the source code.
> while a 1024 bit RSA key
> ~may~ not be secure for a long time, it's old age is due only to computing
> horsepower, not a "break" in the math behind it. as such, a larger RSA key
> buys time... and only time will tell if it buys "enough" time for a
> particular need.
NIST is saying that RSA-1024 will be ok for up to 2010, but that you
should prepare to switch to something more secure in the next few years.
It also means that if there is something you need to protect for more than
5 years, you should not use RSA-1024.
More information about the Gnupg-users