[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Factoring - State of the Art and Predictions
Bruce Schneier gives us:
> Table 4: Recommended public-key key lengths (in bits)
>
> Year vs. I vs. C vs. G
> 1995 768 1280 1536
> 2000 1024 1280 1536
> 2005 1280 1536 2048
> 2010 1280 1536 2048
> 2015 1536 2048 2048
I applaud Bruce for making this unpopular presentation of the somber facts.
If these figures are taken seriously, the conclusion is that 1024 bit keys
are not even good TODAY if one is concerned about the C or G level attack.
In fact, not even the 1280 bit key is good for G level attack today.
Pay attention, people. Factoring is still a good cryptographic approach,
but the key lengths have to keep growing larger. Factoring may be NP-hard
in the key length, but the rate of growth of our ability to factor is
actually going up exponentially as well. The speed of encryption and
decryption for 2048 bit keys on my Pentium is quite reasonable today... and
my confidence in the long-term security of my encrypted files has increased
considerably with the advent of PGP 2.6.2, for just that reason.
Doug Cutrell
_____________________________________________________________
Doug Cutrell General Partner
[email protected] Open Mind, Santa Cruz
=============================================================