Gnupg-users Digest, Vol 131, Issue 15
Robert J. Hansen
rjh at sixdemonbag.org
Wed Aug 13 15:07:36 CEST 2014
On 8/13/2014 4:38 AM, Michael Anders wrote:
> Baltimore published:
Fort Meade is actually closer to Laurel than it is to Baltimore.
> (http://www.nsa.gov/business/programs/elliptic_curve.shtml)
>
> symm. RSA ECC
> 80 1024 160
> 112 2048 224
> 128 3072 256
> 192 7680 384
> 256 15360 521
Which shouldn't be any surprise, since NIST collaborates with them on
determining these numbers. You'll notice that they exactly match NIST's
recommendations, except that NIST doesn't list a 192-bit entry. Also, I
think your 521 is actually 512. :)
> The generalized number field sieve(->RSA factoring) scales with
> bitlength to the 1/3
Nope. That's the computational complexity in a computational-theory
sense, not the complexity in a cryptanalytic sense. Be real careful
about thinking the two of them are connected; they're probably not. If
it scaled with bit length to the 1/3 power, and if a 3072-bit RSA key
corresponds to 128 shannons of entropy, a 15360-bit RSA key would only
have 211 shannons -- not 256.
Coming up with these tables is black magic at the best of times. For
that reason, I hope you'll understand if I choose to rely on NIST rather
than your numbers. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20140813/d5299bbf/attachment.bin>
More information about the Gnupg-users
mailing list