Recommended key size for life long key

[Filip M. Nowak]

Hi

On 09/08/2013 05:07 PM, Robert J. Hansen wrote:
> On 9/8/2013 4:32 AM, Ole Tange wrote:
>> The short answer: You do not have to trust projection to use the 
>> other findings. If you have a better projection, use that instead.
> 
> (...)
> We can't be sure 2048-bit keys will be broken by 2100.  Likewise, it's
> within the realm of possibility 4096-bit keys will be broken tomorrow.

Interesting comment for a sworn enemy of longer then default/hardcoded
key length :) (no provocation or trolling intended Robert)

Citing B. Schneier:

"(...) If we think that's the case, the fix is easy: increase the key
lengths."*

> Factoring/discrete-log technology has stalled out for the last 20-odd
> years after some very promising periods in the late-80s and early-90s.
> The dominant technology used today is the General Number Field Sieve,
> which was first developed around 1993.
> 
> This shouldn't really surprise us.  Factoring is *hard*.  It's provably
> an NP problem, which means that (assuming P!=NP) there will never, ever,
> ever, be an efficient algorithm for it [1].  We've been looking for
> efficient ways to factor ever since Eratosthenes; it is quite likely
> there simply isn't one.
> (...)

After Mr Schneier again:

"Breakthroughs in factoring have occurred regularly over the past
several decades, allowing us to break ever-larger public keys. Much of
the public-key cryptography we use today involves elliptic curves,
something that is even more ripe for mathematical breakthroughs. It is
not unreasonable to assume that the NSA has some techniques in this area
that we in the academic world do not. Certainly the fact that the NSA is
pushing elliptic-curve cryptography is some indication that it can break
them more easily."**

And one more time:

"If we think that's the case, the fix is easy: increase the key lengths."*

*, ** -
https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html

	Regards,
	Filip M. Nowak