Penetration Testing mailing list archives
Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...)
From: Dom De Vitto <dom () DEVITTO COM>
Date: Sun, 10 Dec 2000 00:28:01 -0000
Hmmm, [ so trolling later ] The best document I've found is: http://www.scramdisk.clara.net/pgpfaq.html#SubRSADH Which has this table, comparing the keylenghts of equal strength: Block Cipher RSA EC 80 1024 160 112 2048 224 128 3072 256 192 7680 384 256 15360 512 So it looks like we should all be using 3k keys with our 128-bit CAST/IDEA/whatever... Hmmm. Dom | -----Original Message----- | From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf | Of Bennett Todd | Sent: 07 December 2000 16:02 | To: PEN-TEST () SECURITYFOCUS COM | Subject: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to | find crypto ...) | | 2000-12-06-18:46:50 Dom De Vitto: | > Yea, generally speaking 1024 bits can be done by gov's & big | > corps, with (I'd speculate) a few week or so's 24x7 effort. It's | > worth making the keys over 1200 bits, at which point brute forcing | > the 128 bit crypto is often easier/quicker. | | Are you sure about your numbers there? I believe the story is | something more like: | | - A 512-bit composite was factored recently, in one of these big | efforts that brings hundreds or thousands of machines to bear on | the sieving; that suggests that 512-bits is pretty near today's | cutting edge; | | - factoring gets about twice as hard for an additionl 10 bits of key | length; and so | | - a 1024-bit key is somewhere up in the quadrillions of times harder | than the current state of the art | | These points are weakened by a few factors with more or less | importance depending on details of application; basically, Moore's | law seems to be staying on track, and the factoring gurus have | done a pretty good job of continuing to ride it. Factoring also | sees periodic algorithmic improvements that cause it to run ahead | of Moore's law, though whether those will continue, slow, or | accellerate is anybody's guess. | | If you want to encrypt a document whose cyphertext will exposed to | the public, and whose plaintext must remain secret for many, many | years, I'm pretty sure I've heard folks who'd know recommending | 2048-bit RSA keys, on the grounds that they would seem, under | reasonable assumptions, to be of similar strength to 128-bit | symmetric cypher keys. | | But as an illustration of the significance of the application | details, for login access control purposes --- e.g. ssh --- a | 768-bit key may well be adequate today. It really depends on whether | you pass long-lived secrets through that encrypted tunnel. | | -Bennett |
Current thread:
- [PEN-TEST] Places to find crypto craking tools Erick Arturo Perez Huemer (Dec 01)
- Re: [PEN-TEST] Places to find crypto craking tools Nicholas Harring (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Jose Nazario (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools William D. Colburn (aka Schlake) (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Crist Clark (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Dom De Vitto (Dec 07)
- [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Bennett Todd (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Dom De Vitto (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Dom De Vitto (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Brian Russo (Dec 13)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places tofind crypto ...) Camillo Särs (Dec 13)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places tofind crypto ...) Clem Colman (Dec 13)
- Re: [PEN-TEST] Places to find crypto craking tools Jose Nazario (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Nicholas Harring (Dec 02)