At 10:01 PM 10/26/03 -0600, J.A. Terranson wrote:
On Sun, 26 Oct 2003, Eugen Leitl wrote:
<snip>
In the case of the NSA deal, the agency wanted to use a 512-bit key for the ECC system. This is the equivalent of an RSA key of 15,360 bits."
Am I the only one here who finds this "requirement" excessive? My god: are we looking to keep these secrets for 50 years, or 50000 (or more) years?
In meatspace engineering of life-critical systems, you might design for a few times more than you need under worst-case conditions. Eg, on a bridge: high winds, heavy trucks densely spaced, poor maintenance, poor materials. Remember that bridges fall down when you do something new, like use steel. Or nowadays: planes fall out of the sky because you don't know how composites fail. The NSA might be hedging against future algorithmic improvements. If tomorrow you could factor numbers (or the ECC equivalent) with twice the number of bits, will your spies die? Cf. East German Stasi files, and some south-american files being cracked.