On Tue, Aug 31, 2010 at 11:27:39PM -0700, Bill Stewart wrote: > It's possible that > under some conditions, trying to brute-force the RSA is more efficient > than simply brute-forcing the symmetric key
As of 2003, RSA said: 1024 bit RSA ~= 80 bit symmetric 2048 bit RSA ~= 112 bit symmetric 3072 bit RSA ~= 128 bit symmetric So PK is usually weaker than the symmetric part of a hybrid scheme. I hear that NIST Key Mgmt guideline (SP 800-57) suggests that the RSA key size equivalent to a 256 bit symmetric key is roughly 15360 bits. I haven't actually checked this reference, so I don't know how they got such a big number; caveat emptor. I have no idea what the state of, say, AES brute forcing is, so I don't know the ratio from AES key size to ideal symmetric cipher key sizes. I'm guessing it's pretty close to 1, but would love to hear if it's not. -- It asked me for my race, so I wrote in "human". -- The Beastie Boys My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ If you are a spammer, please email j...@subspacefield.org to get blacklisted.
pgp16o2aSPNwM.pgp
Description: PGP signature