[TIME_WARP] 1280-Bit RSA
Dan Kaminsky
dan at doxpara.com
Fri Jul 9 18:19:44 EDT 2010
Dan,
>
> I looked at the GNFS runtime and plugged a few numbers in. It seems
> RSA Security is using a more conservative constant of about 1.8 rather
> than the suggested 1.92299...
>
> See:
> http://mathworld.wolfram.com/NumberFieldSieve.html
>
> So using 1.8, a 1024 bit RSA key is roughly equivalent to a 81 bit
> symmetric key. Plugging in 1280 yields 89 bits.
>
> I'm of the opinion that if you take action to improve security, you
> should get more than 8 additional bits for your efforts. For example,
> 1536 shouldn't be that much slower but gives 96 bits of security.
>
Here's the actual data, in terms of transactions per second, I'm getting for
a sample app:
512: 710.042382
1024: 187.187719
1280: 108.592265
1536: 73.314751
2048: 20.645645
2048 ain't happening. The relative diff between 1280 and 1536 is
interesting though.
>
> For posterity, here is a table using 1.8 for the GNFS constant:
>
> RSA Symmetric
> ----------------
> 256 43.7
> 512 59.8
> 768 71.6
> 1024 81.2
> 1280 89.5
> 1536 96.8
> 2048 109.4
> 3072 129.9
> 4096 146.5
> 8192 195.1
>
>
Do other cracking mechanisms have similar curves to GNFS (with different
constants)?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list