On 8/13/2014 4:38 AM, Michael Anders wrote:
> Baltimore published:

Fort Meade is actually closer to Laurel than it is to Baltimore.

> (http://www.nsa.gov/business/programs/elliptic_curve.shtml)
> 
> symm.   RSA     ECC
> 80    1024    160
> 112   2048    224
> 128   3072    256
> 192   7680    384
> 256   15360   521

Which shouldn't be any surprise, since NIST collaborates with them on
determining these numbers.  You'll notice that they exactly match NIST's
recommendations, except that NIST doesn't list a 192-bit entry.  Also, I
think your 521 is actually 512.  :)

> The generalized number field sieve(->RSA factoring) scales with
> bitlength to the 1/3

Nope.  That's the computational complexity in a computational-theory
sense, not the complexity in a cryptanalytic sense.  Be real careful
about thinking the two of them are connected; they're probably not.  If
it scaled with bit length to the 1/3 power, and if a 3072-bit RSA key
corresponds to 128 shannons of entropy, a 15360-bit RSA key would only
have 211 shannons -- not 256.

Coming up with these tables is black magic at the best of times.  For
that reason, I hope you'll understand if I choose to rely on NIST rather
than your numbers.  :)


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to