[Cryptography] RSA equivalent key length/strength

James A. Donald jamesd at echeque.com
Sat Sep 28 22:42:32 EDT 2013

On 2013-09-28 01:23, Phillip Hallam-Baker wrote:
> Most cryptolibraries have a hard coded limit at 4096 bits and there 
> are diminishing returns to going above 2048. Going from 4096 to 8192 
> bits only increases the work factor by a very small amount and they 
> are really slow which means we end up with DoS considerations.
> We really need to move to EC above RSA. Only it is going to be a 
> little while before we work out which parts have been contaminated by 
> NSA interference and which parts are safe from patent litigation. RIM 
> looks set to collapse with or without the private equity move. The 
> company will be bought with borrowed money and the buyers will use the 
> remaining cash to pay themselves a dividend. Mitt Romney showed us how 
> that works.
> We might possibly get lucky and the patents get bought out by a white 
> knight. But all the mobile platform providers are in patent disputes 
> right now and I can't see it likely someone will plonk down $200 
> million for a bunch of patents and then make the crown jewels open.
> Problem with the NSA is that its Jekyll and Hyde. There is the good 
> side trying to improve security and the dark side trying to break it. 
> Which side did the push for EC come from?

In fact we do know this.

NSA NIST claimed that their EC curves are provably random (therefore not 

In fact, they are provably non random, selected on an unrevealed basis, 
which contradiction is, under the circumstances, compelling evidence 
that the NIST curves are in fact backdoored.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130929/9c84fc55/attachment.html>

More information about the cryptography mailing list