[Cryptography] RSA equivalent key length/strength
Perry E. Metzger
perry at piermont.com
Sat Sep 14 12:14:11 EDT 2013
On Sat, 14 Sep 2013 16:53:38 +0100 Peter Fairbrother
<zenadsl6186 at zen.co.uk> wrote:
> NIST also give the "traditional" recommendations, 80 -> 1024 and 112
> -> 2048, plus 128 -> 3072, 192 -> 7680, 256 -> 15360.
> But, I wonder, where do these longer equivalent figures come from?
> I don't know, I'm just asking - and I chose Wikipedia because that's
> the general "wisdom".
> [ Personally, I recommend 1,536 bit RSA keys and DH primes for
> security to 2030, 2,048 if 1,536 is unavailable, 4,096 bits if
> paranoid/high value; and not using RSA at all for longer term
> security. I don't know whether someone will build that sort of
> quantum computer one day, but they might. ]
On what basis do you select your numbers? Have you done
calculations on the time it takes to factor numbers using modern
algorithms to produce them?
Perry E. Metzger perry at piermont.com
More information about the cryptography