The current recommendations in NIST SP 800-57 Part 1, Table 2 suggest that 256-bit symmetric strength is matched by ECC strength of 512+ bits. All of the ECC sizes given in Table 2 are slightly different than given below, and most are given as ranges, not single values.
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_gener al.pdf (see page 64) -Peter On 7/22/15, 1:36 AM, "TLS on behalf of Martin Thomson" <tls-boun...@ietf.org on behalf of martin.thom...@gmail.com> wrote: >Is table 1 correct? > > +-----------+-----+------------+ > | Symmetric | ECC | DH/DSA/RSA | > +-----------+-----+------------+ > | 80 | 163 | 1024 | > | 112 | 233 | 2048 | > | 128 | 283 | 3072 | > | 192 | 409 | 7680 | > | 256 | 571 | 15360 | > +-----------+-----+------------+ > >Aren't we dropping 571? Can we use values that match up. > >Or, drop the table. > >_______________________________________________ >TLS mailing list >TLS@ietf.org >https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
