Gnupg-users Digest, Vol 131, Issue 15
Bob (Robert) Cavanaugh
robertc at broadcom.com
Wed Aug 13 20:16:01 CEST 2014
Hi Robert,
You are both correct. The hash strength=512 curve is called P-521.
Thanks,
Bob Cavanaugh
-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Robert J. Hansen
Sent: Wednesday, August 13, 2014 6:08 AM
To: gnupg-users at gnupg.org
Subject: Re: Gnupg-users Digest, Vol 131, Issue 15
On 8/13/2014 4:38 AM, Michael Anders wrote:
> Baltimore published:
Fort Meade is actually closer to Laurel than it is to Baltimore.
> (http://www.nsa.gov/business/programs/elliptic_curve.shtml)
>
> symm. RSA ECC
> 80 1024 160
> 112 2048 224
> 128 3072 256
> 192 7680 384
> 256 15360 521
Which shouldn't be any surprise, since NIST collaborates with them on
determining these numbers. You'll notice that they exactly match NIST's
recommendations, except that NIST doesn't list a 192-bit entry. Also, I
think your 521 is actually 512. :)
> The generalized number field sieve(->RSA factoring) scales with
> bitlength to the 1/3
Nope. That's the computational complexity in a computational-theory
sense, not the complexity in a cryptanalytic sense. Be real careful
about thinking the two of them are connected; they're probably not. If
it scaled with bit length to the 1/3 power, and if a 3072-bit RSA key
corresponds to 128 shannons of entropy, a 15360-bit RSA key would only
have 211 shannons -- not 256.
Coming up with these tables is black magic at the best of times. For
that reason, I hope you'll understand if I choose to rely on NIST rather
than your numbers. :)
More information about the Gnupg-users
mailing list