On Sun, Sep 08, 2013 at 06:29:01PM -0400, Robert J. Hansen wrote: > A factor of 125 is so small as to be irrelevant.
Well... If factoring takes a month, with the factor of 125, it takes ten years. Seems not that irrelevant to me. Of course, this is made using completely made up numbers, as I do not at all know how fast QC will be able to do the factoring. > The real obstacle is that Shor's algorithm requires 2n qubits to be > formed in an ensemble, so you'd be going from requiring a 4k quantum > computer to a 20k quantum computer. Given decoherence, that might > amount to a much more insurmountable obstacle. Still, my money is on QC. Strangely enough, I would have thought 4k qubits would be quite a huge need, thus meaning we would have overcome the major problems with decoherence. But, again, not being a quantum physicist, I cannot be relied upon on that subject. > The problem is the exact same thing can be said for RSA-2048. RSA-2048 > is expected to last at least the next 25 years; it may last for the next > century. Hard to say. Depends a lot on the progression of science > fiction level technologies, like quantum computation. And again, anyone > trying to predict out past about 25 years needs to explain why they are > able to do this where NIST, RSA Data Security, and so many others have > failed to be able to do this. You are right, we do not know whether RSA-2048 will hold or not. The only point I was saying was that RSA-10k will quite likely (even more likely than NIST's predictions, IMHO) resist at least as long as RSA-2048. That said, everything is a matter of preference. The only reason I would see for using a 10k key would be in order to encrypt or sign documents that should be valid for years -- more years than what we are able to forecast. Because, unfortunately (or not, depending on the viewpoint), cryptanalysis is retroactive. That said, cheers ! Leo _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
