17 Dec
2003
17 Dec
'03
11:17 p.m.
Finally, I'm basing this on comments in 'Applied Cryptography' that D-H keys should be at least 512 bits and preferably 1024. How does the difficulty of breaking a D-H exchange with a 512 bit key compare to breaking a 512 bit RSA key ?
Calculating discrete logarithms is a bit more difficult than factoring. So a 512-bit DH modulus will give you somewhat more security than a 512-bit RSA key. I'm not sure how much, probably not a lot.