[Cryptography] RSA equivalent key length/strength

Perry E. Metzger perry at piermont.com
Sat Sep 14 12:14:11 EDT 2013


On Sat, 14 Sep 2013 16:53:38 +0100 Peter Fairbrother
<zenadsl6186 at zen.co.uk> wrote:
> NIST also give the "traditional" recommendations, 80 -> 1024 and 112
> -> 2048, plus 128 -> 3072, 192 -> 7680, 256 -> 15360.
[...]
> But, I wonder, where do these longer equivalent figures come from?
> 
> I don't know, I'm just asking - and I chose Wikipedia because that's
> the general "wisdom".
[...]
> [ Personally, I recommend 1,536 bit RSA keys and DH primes for
> security to 2030, 2,048 if 1,536 is unavailable, 4,096 bits if
> paranoid/high value; and not using RSA at all for longer term
> security. I don't know whether someone will build that sort of
> quantum computer one day, but they might. ]

On what basis do you select your numbers? Have you done
calculations on the time it takes to factor numbers using modern
algorithms to produce them?

Perry
-- 
Perry E. Metzger		perry at piermont.com


More information about the cryptography mailing list