Re: encrypting long strings

Mon, 19 Jul 2010 08:28:17 -0700 

On 19-07-2010 14:32, Jeffrey Walton wrote:

On Wed, Jul 14, 2010 at 6:42 AM, Jakob Bohm<jb-open...@wisemo.com>  wrote:

On 14-07-2010 07:52, Jeffrey Walton wrote:


On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm<jb-open...@wisemo.com>    wrote:


[SNIP]



proponents of the RSA and DH algorithms said that the
number was wildly exaggerated and proposed some much
smaller values.


I'm not willing to go out on a limb a recommend a smaller moduli (what
is RSA recommending, BTW?). I look at it this way: When DSS was
proposed, RSA Data Securities lobbied hard to get an RSA Signature
included. They can't win them all....


Yes, that mostly dead company lost the political lobbying battle against
Certicom, but I was asking about science, not politics.


http://scholar.google.com/scholar?hl=en&q=integer+factorization+estimate&as_sdt=20000000&as_ylo=2008&as_vis=0


After looking at some of the rather mixed bag of documents from that
search, I was able to spot only the following factoid, which I post here
for the benefit of the rest of the list (and I hope this one is right).

  The needed size of RSA moduli increases approximately with the cube
  of the equivalent symmetric key size, thus if 128 bit AES corresponds
  to L bit RSA, 256 bit AES should correspond to 8L bit RSA.

I did not spot an article that seemed to give estimates for the
actual RSA key lengths corresponding to modern symmetric key lengths.


Make sure to have a look a Lenstra, et. al. "On the Security of 1024-bit RSA
and 160-bit Elliptic Curve Cryptography". Not quite what you were
asking for but a very thorough analysis.

Ah, nice article which did not turn up in the initial search you suggested.


From this article and the other information I believe that the public 
key lengths needed to achieve N bits of security is:


RSA/DH   (N/7.5)**3
ECC      N*2

Thus (with some rounding):

  128 bits:  5120 bit RSA/DH or 256 bit ECC
  192 bits: 16384 bit RSA/DH or 384 bit ECC
  256 bits: 40960 bit RSA/DH or 512 bit ECC

which is not that far off from some other recommendations.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

























					Reply via email to