On Thu, 30 Apr 2009 17:44:53 -0700 Jon Callas <j...@callas.org> wrote:
> The accepted wisdom > on 80-bit security (which includes SHA-1, 1024-bit RSA and DSA keys, > and other things) is that it is to be retired by the end of 2010. That's an interesting statement from a historical perspective -- is it true? And what does that say about our ability to predict the future, and hence to make reasonable decisions on key length? See, for example, the 1996 report on key lengths, by Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson, and Wiener, available at http://www.schneier.com/paper-keylength.html -- was it right? In 1993, Brickell, Denning, Kent, Maher, and Tuchman's interim report on Skipjack (I don't believe there was ever a final report) stated that Skipjack (an 80-bit cipher) was likely to be secure for 30-40 years. Was it right? The problem with SHA-1 is not its 80-bit security, but rather that it's not that strong. --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com