2048 bits, damn the electrons! [rt at openssl.org: [openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits]

James Muir muir.james.a at gmail.com
Thu Sep 30 19:59:21 EDT 2010


On 10-09-30 11:41 AM, Thor Lancelot Simon wrote:
> On Wed, Sep 29, 2010 at 09:22:38PM -0700, Chris Palmer wrote:
>> Thor Lancelot Simon writes:
>>
>>> a significant net loss of security, since the huge increase in computation
>>> required will delay or prevent the deployment of "SSL everywhere".
>>
>> That would only happen if we (as security experts) allowed web developers to
>> believe that the speed of RSA is the limiting factor for web application
>> performance.
> 
> At 1024 bits, it is not.  But you are looking at a factor of *9* increase
> in computational cost when you go immediately to 2048 bits.  At that point,
> the bottleneck for many applications shifts, particularly those which are
> served by offload engines specifically to move the bottleneck so it's not
> RSA in the first place.

It sounds like a good time to switch to 224-bit ECC.  You could even use
256-bit ECC, which is comparable to 3072-bit RSA (according to the table
on page 5 of the SEC 2 document).

-James
