On Apr 2, 2014, at 8:26 AM, Colm MacCárthaigh <c...@allcosts.net> wrote:
> Cryptographic failures are often undemonstrated for decades. This is an important point, particularly when talking about RSA keys. It is important to note that RSA keys are *not* broken by brute force. There is some tricky math that is used to make the problem of finding the private key easier. That math was discovered long after the RSA algorithm was developed. That math kept getting much better for over a decade, but there have been no major public improvements in the math in about a decade. There easily could be non-public improvements that we don't know about; there are certainly a lot of papers that chip away at the problem, albeit slowly for keys >~768 bits. For elliptic curve cryptography, there was a major improvement that came almost immediately (that's why P256 only has 128 bits of strength), and nothing since then at all. That's why cryptographers think of ECC as more "reliable": there is little expectation that the math will improve for attackers of ECC, and high expectation that it will improve for attackers of RSA and non-EC DSA. --Paul Hoffman _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
