On 8/13/2014 4:38 AM, Michael Anders wrote: > Baltimore published: Fort Meade is actually closer to Laurel than it is to Baltimore.
> (http://www.nsa.gov/business/programs/elliptic_curve.shtml) > > symm. RSA ECC > 80 1024 160 > 112 2048 224 > 128 3072 256 > 192 7680 384 > 256 15360 521 Which shouldn't be any surprise, since NIST collaborates with them on determining these numbers. You'll notice that they exactly match NIST's recommendations, except that NIST doesn't list a 192-bit entry. Also, I think your 521 is actually 512. :) > The generalized number field sieve(->RSA factoring) scales with > bitlength to the 1/3 Nope. That's the computational complexity in a computational-theory sense, not the complexity in a cryptanalytic sense. Be real careful about thinking the two of them are connected; they're probably not. If it scaled with bit length to the 1/3 power, and if a 3072-bit RSA key corresponds to 128 shannons of entropy, a 15360-bit RSA key would only have 211 shannons -- not 256. Coming up with these tables is black magic at the best of times. For that reason, I hope you'll understand if I choose to rely on NIST rather than your numbers. :)
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
