On 1/23/12 4:08 PM, John Clizbe wrote:
> Depending on the source, a consensus seems to be forming that beyond
> a 2048 or 3072 bit modulus for DSA2 or RSA, folks need to switch to
> ECC.

Emphatic agreement -- this is clarification, not dispute:

A lot of people like to refer to _Applied Cryptography_ or _The Handbook of Applied Cryptography_ for information on algorithms, and for very good reason: they've generally got excellent information. They are also old books. _AC_ is coming up on twenty years old, for instance, and _HoAC_ isn't much younger. At the time these books were written the jury was still out on whether ECC had firm theoretical underpinnings. Nowadays the jury is back, and ECC is generally recognized as being as reputable as RSA, DSA or Elgamal. [1]

ECC will be coming to OpenPGP sooner or later, and probably sooner. I'd be astonished if we didn't have ECC by, say, 2017.

[1] You can thank Fermat for this. It turns out that proving Fermat's Last Theorem was instrumental in establishing the correctness of ECC. In 1995, Andrew Wiles proved the Taniyama-Shimura conjecture over semi-stable elliptic curves. This in turn proved Fermat's Last Theorem, and directly led to cryptographers having confidence in elliptical curve cryptography. So the next time someone presents Fermat's Theorem as a mathematical curiosity with no practical purpose, tell them the next generation of encryption algorithms begs to differ...