On Thu, 21 Jan 2010, Eric Rescorla wrote:
Also, consider this paper from July 2009:
https://documents.epfl.ch/users/l/le/lenstra/public/papers/ecdl.pdf
Next considering special purpose hardware, the most optimistic
approach suggests that sieving for a 1024-bit RSA modulus can be
done in a year for about US $10,000,000, plus a one-time development
cost of about US $20,000,000,
And if your attacker has a budget of $1,000,000? Or $100,000,000?
The point is that the numbers depend on your model of the attacker
more than on the cryptography.
The full paper has a cost matrix. Though I just noticed they changed the
URL of the paper :(
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
