Gnupg-users Digest, Vol 131, Issue 15

Robert J. Hansen rjh at
Wed Aug 13 15:07:36 CEST 2014

On 8/13/2014 4:38 AM, Michael Anders wrote:
> Baltimore published:

Fort Meade is actually closer to Laurel than it is to Baltimore.

> (
> symm.   RSA     ECC
> 80 	1024 	160
> 112 	2048 	224
> 128 	3072 	256
> 192 	7680 	384
> 256 	15360 	521

Which shouldn't be any surprise, since NIST collaborates with them on
determining these numbers.  You'll notice that they exactly match NIST's
recommendations, except that NIST doesn't list a 192-bit entry.  Also, I
think your 521 is actually 512.  :)

> The generalized number field sieve(->RSA factoring) scales with
> bitlength to the 1/3

Nope.  That's the computational complexity in a computational-theory
sense, not the complexity in a cryptanalytic sense.  Be real careful
about thinking the two of them are connected; they're probably not.  If
it scaled with bit length to the 1/3 power, and if a 3072-bit RSA key
corresponds to 128 shannons of entropy, a 15360-bit RSA key would only
have 211 shannons -- not 256.

Coming up with these tables is black magic at the best of times.  For
that reason, I hope you'll understand if I choose to rely on NIST rather
than your numbers.  :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20140813/d5299bbf/attachment.bin>

More information about the Gnupg-users mailing list