307 digit number factored

travis+ml-cryptography at subspacefield.org travis+ml-cryptography at subspacefield.org
Tue Oct 9 18:11:08 EDT 2007


On Mon, May 21, 2007 at 04:32:10PM -0400, Victor Duchovni wrote:
> On Mon, May 21, 2007 at 02:44:28PM -0400, Perry E. Metzger wrote:
> > My take: clearly, 1024 bits is no longer sufficient for RSA use for
> > high value applications, though this has been on the horizon for some
> > time. Presumably, it would be a good idea to use longer keys for all
> > applications, including "low value" ones, provided that the slowdown
> > isn't prohibitive. As always, I think the right rule is "encrypt until
> > it hurts, then back off until it stops hurting"...
> 
> When do the Certicom patents expire? I really don't see ever longer RSA
> keys as the answer, and the patents are I think holding back adoption...

They already expired.

Some EC primitives in the latest OpenSSL.

But why assume short ECC keys are stronger than long RSA?

AFAIK, the only advantage of ECC is that the keys are shorter.
The disadvantage is that it isn't as well studied.

Although every time I read up on ECC, I understand it, and then within
a few days I don't remember anything about it.  I think they teflon
coated those ideas somehow, because they don't stick.

> With EECDH one can use ECDH handshakes signed with RSA keys, but that
> does not really address any looming demise of 1024 bit RSA.

Why can't they do something like El-Gamal?

I'm not comfortable with RSA somehow.  It seems fundamentally more
complicated to me than DLP, and it's hard to get right - look at how
many things there are in the PKCS for it.
-- 
<URL:http://www.subspacefield.org/~travis/> Eff the ineffable!
For a good time on my UBE blacklist, email john at subspacefield.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20071009/08d80fa3/attachment.pgp>


More information about the cryptography mailing list