On Thu, 21 Jan 2010, Edward Lewis wrote:
What I'd like to hear is:
"Crypto-expert __________ says an RSA-SHA256 key of 1024 bits is good for
_______ signatures/days."
I did ask my local Waterloo based cryptographer (Ian Goldberg) this
question about a year ago for RSA-SHA1. And apart from his advise to use
RSASSA-PSS and not PKCS1-v1_5, he thought a year would be extremely safe.
I just asked another Toronto based cryptographer, Kelly Rose, the same
question, and he said he would not trust it for more then two years.
Also, consider this paper from July 2009:
https://documents.epfl.ch/users/l/le/lenstra/public/papers/ecdl.pdf
Next considering special purpose hardware, the most optimistic
approach suggests that sieving for a 1024-bit RSA modulus can be
done in a year for about US $10,000,000, plus a one-time development
cost of about US $20,000,000,
As for your specific birthday present, you will not get it. The same
paper says:
Estimates should thus not be read as threatening but as
confidence-inspiring.
That's what I'd like for my birthday present this year.
How about a cookie instead?
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
