Gnupg-users Digest, Vol 131, Issue 15

Bob (Robert) Cavanaugh robertc at
Wed Aug 13 20:16:01 CEST 2014

Hi Robert,
You are both correct. The hash strength=512 curve is called P-521.

Bob Cavanaugh

-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at] On Behalf Of Robert J. Hansen
Sent: Wednesday, August 13, 2014 6:08 AM
To: gnupg-users at
Subject: Re: Gnupg-users Digest, Vol 131, Issue 15

On 8/13/2014 4:38 AM, Michael Anders wrote:
> Baltimore published:

Fort Meade is actually closer to Laurel than it is to Baltimore.

> (
> symm.   RSA     ECC
> 80 	1024 	160
> 112 	2048 	224
> 128 	3072 	256
> 192 	7680 	384
> 256 	15360 	521

Which shouldn't be any surprise, since NIST collaborates with them on
determining these numbers.  You'll notice that they exactly match NIST's
recommendations, except that NIST doesn't list a 192-bit entry.  Also, I
think your 521 is actually 512.  :)

> The generalized number field sieve(->RSA factoring) scales with
> bitlength to the 1/3

Nope.  That's the computational complexity in a computational-theory
sense, not the complexity in a cryptanalytic sense.  Be real careful
about thinking the two of them are connected; they're probably not.  If
it scaled with bit length to the 1/3 power, and if a 3072-bit RSA key
corresponds to 128 shannons of entropy, a 15360-bit RSA key would only
have 211 shannons -- not 256.

Coming up with these tables is black magic at the best of times.  For
that reason, I hope you'll understand if I choose to rely on NIST rather
than your numbers.  :)

More information about the Gnupg-users mailing list