jim bell <jimbell@pacifier.com> writes:
[ Inside Technologies ] ..."In public-key cryptography, 512-bit keys are typical and already vulnerable. So we are looking at 640-bit-long keys supported by a scalable design."
This kind of thing disgusts me. We already know 512-bit keys are weak. As I recall, I was told that 512-bit keys could be cracked in 20,000 MIPS-years. If the ballpark formula holds that adding 10 bits doubles the security, that merely means that 640 bits is 2**(128/10) or 8000 times as strong. While obviously better than 512, it is not ENOUGH better to make me confident that this is a long-term secure length. 768 or 1024 bits should be considered the minimum. A deliberate design of 640 bits makes it look like it's intended to be crackable in 5-10 years, much as DES was suspected of a similar design decision in limiting its keylength to 56 bits.
But the "scalable design" presumably means the hardware can deal with a variety of modulus lengths. As you say, they would be short-sighted to make a fixed choice.

Peter Monta   pmonta@qualcomm.com
Qualcomm, Inc./Globalstar
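Added example, not part of the original thread: the "10 bits doubles the security" rule of thumb from the quoted message, set beside the heuristic running time of the general number field sieve, for the modulus sizes discussed. Assumptions: the GNFS cost L_n[1/3, (64/9)^(1/3)] is used with its o(1) term dropped, so only ratios between sizes are meaningful; the 20,000 MIPS-year baseline is the figure recalled in the message; all function names are made up for this sketch.

```python
import math

BASE_BITS = 512
BASE_MIPS_YEARS = 20_000  # figure recalled in the quoted message, not a measurement

def gnfs_log_work(bits):
    """ln of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), o(1) dropped."""
    ln_n = bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)

def gnfs_ratio(bits, base=BASE_BITS):
    """How many times more GNFS work a `bits`-bit modulus needs than a `base`-bit one."""
    return math.exp(gnfs_log_work(bits) - gnfs_log_work(base))

def rule_of_thumb_ratio(bits, base=BASE_BITS):
    """The ballpark rule from the message: every 10 extra bits doubles the work."""
    return 2 ** ((bits - base) / 10)

def bits_for_ratio(target, base=BASE_BITS):
    """Smallest modulus size whose GNFS cost is at least `target` times the base cost."""
    lo, hi = base, 16384
    while lo < hi:  # binary search; gnfs_ratio is increasing in the bit length
        mid = (lo + hi) // 2
        if gnfs_ratio(mid, base) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

def report(sizes=(512, 640, 768, 1024)):
    """Rows of (bits, rule-of-thumb ratio, GNFS ratio, scaled MIPS-years)."""
    return [(b, rule_of_thumb_ratio(b), gnfs_ratio(b), gnfs_ratio(b) * BASE_MIPS_YEARS)
            for b in sizes]

if __name__ == "__main__":
    print(f"{'bits':>5} {'rule of thumb':>14} {'GNFS ratio':>12} {'MIPS-years':>12}")
    for bits, thumb, gnfs, mips in report():
        print(f"{bits:>5} {thumb:>14.3g} {gnfs:>12.3g} {mips:>12.3g}")
    print("bits needed for an 8000x margin over 512 under GNFS:", bits_for_ratio(8000))
```

Under this model 640 bits buys roughly a hundredfold margin over 512 bits rather than several thousandfold, and a margin of 8000 needs a modulus a little over 768 bits.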