--
Bill Stewart wrote:
> The real question with ECC, other than patents, which don't seem to
> interfere too much right now and will gradually go away, is how long
> the keys need to be, and how long they can be trusted. ~~160-bit
> keys were short enough to be convenient. 256-bit is probably about
> the limit - I've seen some discussion of 512-bit keys, and at that
> point you're pushed into message formats that make it inconvenient
> to exchange keys again. Is there a consensus view about what
> keylengths are reliable?
Except for special cases, breaking an n bit ECC system involves
2^(n/2) EC operations, and EC operations are slow.
So 160 bits is sufficient, and 255 bits small enough to hand the keys
around.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
p2QzZm1xG7xN9AVFcM1MUIw3KDIAp2MG0bf6c6UU
4hqypUw7qHAIittFmiU/1gQOoNSxTS+vQdHdbb0nT
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
