Arnold G. Reinhold wrote: > At 11:49 AM -0800 2/25/02, bear wrote: > >... > >The "secure forever" level of difficulty that we used to believe > >we got from 2kbit keys in RSA is apparently a property of 6kbit > >keys and higher, barring further highly-unexpected discoveries. > > Highly-unexpected? All of public key cryptography is build on > unproven mathematical assumptions. Why should this be the last > breakthrough? If you plot the curve of what key length was considered > long enough as a function of time, it doesn't look very good.
Indeed, the only PK primitive I *really* trust is secure hash based signatures - http://bitconjurer.org/CheapSignaturesBeta.py Going one step below that, most of the practical breaks we've had have been from protocol screwups rather than key length problems, and I've never seen a list purporting to be definitive of all the gotchas in RSA, so the only fancy math primitive I feel confident to design a protocol with is diffie-hellman. So there you have it - the only really confidence-inspiring piece of public key cryptography was the first one ever invented. -Bram Cohen "Markets can remain irrational longer than you can remain solvent" -- John Maynard Keynes --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]