Best Practices

Ingo Klöcker kloecker at
Mon Dec 13 11:10:44 CET 2010

On Monday 13 December 2010, Faramir wrote:
> El 10-12-2010 11:41, Robert J. Hansen escribió:
> ...
> > Add a new UID and revoke the old.  You don't need to generate a new
> > certificate.  RSA-4K is, IMO, phenomenal overkill for the vast
> > majority of users.  Breaking RSA-2K is believed comparable in
> > difficulty to breaking 3DES, and that prospect is ... let's just
> > say "implausible."
>   Based on Schneier's estimations in "Applied Cryptography, Second
> Edition", I calculated breaking RSA 2048 would be between 1E7 and 1E9
> times harder than breaking RSA 1024 (I divided the MIPS required to
> break RSA 2048 by the MIPS required to break RSA 1024).
>   I know the book is old, and the estimations might be wrong, but
> still... there is a huge difference between breaking RSA 1024 (which
> so far has not happened), and breaking RSA 2048. It's not like
> saying "it would require 2 times more computing power", it's several
> orders of magnitude harder.
>   If RSA 1024 becomes breakable today, and after that factorizing
> keys become 1000 times easier that it is today, and computers become
> 1000 times more powerful, they would still need at least 10 times
> more power to break RSA 2048. Yes, a lot of if's, but still useful
> to give an idea about how harder it would be.

Well, SETI at Home claims to have over 3 million users. Large botnets have 
tens of thousands slaves. GPUs are in some areas several magnitudes 
faster than CPUs. There go your "several orders of magnitude".

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101213/8418cec7/attachment.pgp>

More information about the Gnupg-users mailing list