-----BEGIN PGP SIGNED MESSAGE----- On Tue, 28 May 1996, Andrew Loewenstern wrote:
Mark M. <markm@voicenet.com> writes:
The normal key-length recommendation was 96 bits. 64 bits and 80 bits are equivalent to 512 bits and 768 bits respectively. I would guess that a 1024-bit key is about as strong as an 96-bit key. The first two numbers are from _Applied Cryptography_; my estimate is an extrapolation from the data = in AC.
These number should be qualified with the date on which the estimate was determined. New factoring techniques increase the number of RSA key bits required to make factoring work equivalent to a given brute-force search.
Also, I would think that the NFS makes 512 bit RSA key factoring easier than brute-forcing 64-bits of key space...
Quite true. These estimates were made in 1995 so they are probably still pretty accurate. The rate at which factoring time decreases is greater than the rate at which brute-force time decreases. As to your claim that factoring a 512 bit number is easier than bruting a 64-bit key space, it is not feasible for anyone except maybe the NSA to do either of these. I have heard that an effort similar to that of factoring RSA 127 will be launched against a 512- bit modulus. I think that the difficulty is about equal to that of brute- forcing a 64-bit key. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 ((2b) || !(2b)) | Old key now used only for signatures "The concept of normalcy is just a conspiracy of the majority" -me -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMatd7bZc+sv5siulAQHZZAP/eyguOKHDmfYtVEr7JVH0jxuTRVWdWDxJ ICEuHrhKnF0xG3kaBirOMtvZjnga90cFRk++pEv/zbAS0qyEoizA1YxnKUQrqHn5 emuYf+lbm83fzBBOcKwdspoSg8W25TTtJIH2BX7JpNiyVzfco7DcHJOPxlDxspGZ LgUf7G9L4vI= =uO8h -----END PGP SIGNATURE-----