[Cryptography] SHA-3 FIPS-202: no SHAKE512 but SHAKE128; confusing SHAKE security

Ray Dillinger bear at sonic.net
Mon Aug 17 10:59:26 EDT 2015



On 08/16/2015 10:49 AM, Phillip Hallam-Baker wrote:

> RSA2048 is reckoned to present a work factor of 2^112 which falls short of
> the 128 we prefer.
> 
> To get to 128 bits we need 3072 bits. And even then that is only 128 bits
> against the best attack currently known.
> 
> 
> 
> "RSA really hits diminishing returns above 2048 bits."
> 
> If we want to get to 2^256 work factor we need to more than double the
> number of bits; we need 15360 bits, which is ridiculous.

I don't believe it's ridiculous.  I mean, yes, large, but still under
2k.  We already had keys of such a length that nobody was going to
enter them by hand, and 2k is near-epsilon with regard to today's
protocols.

It probably lets the bottom tier devices have a decent excuse not to
implement it, but other than that it's fine.

					Bear
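
The scaling both posts argue about, as an added example that is not part of the original thread. It assumes the asymptotic GNFS cost formula with its o(1) term dropped, so its estimates come out higher than the 112/128/256 figures quoted above; the function names are hypothetical.

```python
import math

# Assumption: asymptotic GNFS cost with the o(1) term dropped,
#   L(n) = exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)).
# This is a scaling estimate, not the calibrated figures quoted in the thread.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the estimated GNFS cost for a modulus of this bit length."""
    ln_n = modulus_bits * math.log(2)
    exponent = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def min_modulus_bits(target_bits: float, step: int = 256) -> int:
    """Smallest multiple of `step` whose estimate reaches target_bits."""
    lo, hi = 1, 1
    # Grow the upper bound until it meets the target.
    while gnfs_work_bits(hi * step) < target_bits:
        lo, hi = hi, hi * 2
    # Binary search: the estimate is monotonic in the modulus size.
    while lo < hi:
        mid = (lo + hi) // 2
        if gnfs_work_bits(mid * step) >= target_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo * step


def report(sizes=(2048, 3072, 7680, 15360)):
    """(modulus bits, modulus bytes, estimated work bits) per size."""
    return [(b, b // 8, round(gnfs_work_bits(b), 1)) for b in sizes]


if __name__ == "__main__":
    for bits, nbytes, work in report():
        print(f"{bits:>6} bits = {nbytes:>4} bytes  ~2^{work}")
    for target in (112, 128, 256):
        print(f"2^{target} needs >= {min_modulus_bits(target)} bits")
```

Doubling the modulus from 2048 to 4096 bits raises the estimated exponent by only about a third, which is the diminishing return the quoted post describes, while the 15360-bit modulus is 1920 bytes.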

