NPR : E-Mail Encryption Rare in Everyday Use

James A. Donald jamesd at echeque.com
Wed Mar 1 15:14:49 EST 2006


     --
Bill Stewart wrote:
 > The real question with ECC, other than patents, which don't seem to
 > interfere too much right now and will gradually go away, is how long
 > the keys need to be, and how long they can be trusted. ~~160-bit
 > keys were short enough to be convenient. 256-bit is probably about
 > the limit - I've seen some discussion of 512-bit keys, and at that
 > point you're pushed into message formats that make it inconvenient
 > to exchange keys again. Is there a consensus view about what
 > keylengths are reliable?

Except for special cases, breaking an n bit ECC system involves
2^(n/2) EC operations, and EC operations are slow.

So 160 bits is sufficient, and 255 bits small enough to hand the keys
around.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      p2QzZm1xG7xN9AVFcM1MUIw3KDIAp2MG0bf6c6UU
      4hqypUw7qHAIittFmiU/1gQOoNSxTS+vQdHdbb0nT

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list