On Thu, Jan 21, 2010 at 3:08 PM, Paul Wouters <p...@xelerance.com> wrote: > On Thu, 21 Jan 2010, Eric Rescorla wrote: > >>> Also, consider this paper from July 2009: >>> >>> https://documents.epfl.ch/users/l/le/lenstra/public/papers/ecdl.pdf >>> >>> Next considering special purpose hardware, the most optimistic >>> approach suggests that sieving for a 1024-bit RSA modulus can be >>> done in a year for about US $10,000,000, plus a one-time development >>> cost of about US $20,000,000, >> >> >> And if your attacker has a budget of $1,000,000? Or $100,000,000? >> >> The point is that the numbers depend on your model of the attacker >> more than on the cryptography. > > The full paper has a cost matrix. Though I just noticed they changed the > URL of the paper :(
Yes, but my point is that the safety period depends on your assumptions about the attacker's resources, which is why this is not really a technical issue. -Ekr _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
