non 2048-bit keys
Samuel Neves
sneves at dei.uc.pt
Sun Aug 15 19:10:25 EDT 2010
If an attacker creating a special-purpose machine to break your keys is
a realistic scenario, why are you even considering keys of that size?
Best regards,
Samuel Neves
On 15-08-2010 04:25, John Gilmore wrote:
>>> ... 2048-bit keys performing
>>> at 1/9th of 1024-bit. My own internal benchmarks have been closer to
>>> 1/7th to 1/8th. Either way, that's back in line with the above stated
>>> 90-95% overhead. Meaning, in Dan's words "2048 ain't happening."
> Can I abuse a phrase and call this "binary thinking"?
>
> There is no reason that the next step after 1024 bits has to be 2048 bits.
> How about 1032 bits? Or 1040? Or 1104?
> How about 1200 bits? How about 1536? How about 1600? 1808?
>
> I have a theory that if everyone picked a pseudo-random key size above
> 1024 and below 2048, rather than standardizing on Yet Another Fixed
> Keysize, we'd avoid making a powerful incentive for bad guys to build
> a key-cracker optimized for one size. Which incentive we have
> currently created at 1024 bits. It's the Microsoft Windows of key
> sizes -- the target that gets you 90+% of the market. So pick a
> larger size than 1024 that your server load can live with, even if it
> isn't 2048. And don't tell anybody else what size you picked :-).
>
> John
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list