On 08/12/2014 12:58 PM, Robert J. Hansen wrote:
This and the answer below seem slightly contradictory. Or do you mean
that a switch to ECC is equivalent to using much bigger keys?
The guidance from NIST is:
[1] shannons of entropy needed
[2] bits of symmetric key
[3] bits of RSA/DSA/ELG
[4] bits of ECDSA/ECetc.
[1]  [2]  [3]   [4]
80   80   1024  160
112  112  2048  224
128  128  3072  256
256  256  ~15k  512
The entropy of symmetric and ECDSA/ECetc. keys scales linearly with key
length; the entropy of RSA/DSA/ELG keys scales logarithmically with key
length.
I really like the new FAQ text, especially the point that moving to ECC
is the way to go forward, not larger RSA keys, and that sooner is better
than later.
Personally I think that the table above would be worthwhile to include
in the FAQ (with a reference of course) too, since it bolsters the
argument so well.
FWIW,
Doug