At 9:49 PM +0300 5/30/08, Eddy Nigg (StartCom Ltd.) wrote:
>Paul Hoffman:
>
>>Again, I strongly strongly doubt that Mallory will try to break a
>>1024-bit key for this attack, at least for 20 years or more.
>
>I'm not sure from where you got this information

RFC 3766, which is considered the "best current practice" for the 
IETF. I am the co-author of the document, and before being published, 
it was widely reviewed by cryptographers whose names you would 
recognize.

>, because apparently a group of people succeeded in cracking the key 
>with 650 and something bytes already about two years ago with about 
>40 64-bit AMD dual machines in four months' time.

Googling that is failing me.

>I write this all from memory because I can't find that article again.

OK, but an actual reference would be helpful.

>I'm sure a big cluster of always getting stronger CPUs (dual, quad, 
>oct cores) will be able to get on 1024 bit keys in an ever shorter 
>time until the point to make it economically interesting.

Please say why you are sure. Yes, the existence of someone who is 
richer than Bill Gates and who wanted to spend all of his money to 
break a single key in about a decade would be "economically 
interesting", but not in the way I think you meant.

RFC 3766 is still used for making many important security decisions. 
The numbers and math in it are essentially the same as those used by 
NIST in the guidance that Nelson posted yesterday. To date, no one 
has asked us to update it, or even to make any significant 
corrections. If you know something we don't, it would be really 
useful to the whole Internet community to hear more.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
