[Cryptography] RSA equivalent key length/strength

Paul Crowley paul at ciphergoth.org
Wed Oct 2 09:54:18 EDT 2013


On 30 September 2013 23:35, John Kelsey <crypto.jmk at gmail.com> wrote:

> If there is a weak curve class of greater than about 2^{80} that NSA knew
> about 15 years ago and were sure nobody was ever going to find that weak
> curve class and exploit it to break classified communications protected by
> it, then they could have generated 2^{80} or so seeds to hit that weak
> curve class.
>

If the NSA's attack involves generating some sort of collision between a
curve and something else over a 160-bit space, they wouldn't have to be
worried that someone else would find and attack that "weak curve class"
with less than 2^160 work.