307 digit number factored

Victor Duchovni Victor.Duchovni at MorganStanley.com
Mon May 21 16:32:10 EDT 2007


On Mon, May 21, 2007 at 02:44:28PM -0400, Perry E. Metzger wrote:

> http://www.physorg.com/news98962171.html
> 
> My take: clearly, 1024 bits is no longer sufficient for RSA use for
> high value applications, though this has been on the horizon for some
> time. Presumably, it would be a good idea to use longer keys for all
> applications, including "low value" ones, provided that the slowdown
> isn't prohibitive. As always, I think the right rule is "encrypt until
> it hurts, then back off until it stops hurting"...

When do the Certicom patents expire? I really don't see ever longer RSA
keys as the answer, and the patents are, I think, holding back adoption...

FWIW, Postfix 2.5 in Q1 08 will have EC support when compiled with (likely
officially released by then) OpenSSL 0.9.9; the recommended curve is
"prime256v1", with "secp384r1" for "encrypt until it hurts" users :-).

The other issue is that sites will need multiple certs during any
transition from RSA to ECC, because the entire Internet won't upgrade
overnight. I am not expecting public CAs to cooperate by charging the
same price for two certs (RSA and ECC) for the same subject name(s);
this also may significantly impede migration.

With EECDH one can use ECDH handshakes signed with RSA keys, but that
does not really address any looming demise of 1024-bit RSA.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.
