Hi Kirk, > I've already implemented the ECDSA scheme in my application: > using SHA-1 and secp160k1. In that case, consider using ECDSA.
> I'm pretty faster on the signer's side, but i'm actually > much slower on the verification side. Compare apples to apples: use an appropriate RSA moduli. Since you've selected SHA-256, here are the contestants: RSA3072 vs P-256 or B-283. If you want to test using SHA-1, use RSA1024 vs P-160 or B-163. > Is there any real implementation who can show me how much > time someone need to factor 512-key? See, for example, the RSA challenges (dated) and the prime pages (http://primes.utm.edu/). UTM seems to keep the pages up to date. Outside of that, search SiteSeer or ask over at sci.crypt. > So, should i worry about an attack on the SHA-1? The security level has been reduced to somewhere around 2^50 (from an ideal level of 2^80). See McDonald, Hawkes, and Pieprzyk's paper from Eurocrypt 2009. I also agree with John Pierce's thinking: the threat model should include either a well funded [agency|government], or a distributed effort. > Does a individual hackers have the NASA's PC?... > I'm also getting information about special HW for for attacking > cryptographic systems. A more interesting question is, 'How is the attacker plugging his hardware into NASA's network.' :) > So, should i worry about an attack ... on the # of sent messages? I don't believe so. I'd have to go to the HAC, but I believe the number of messages under a key applies to encipherment and not signatures. Also keep in mind that FIPS recommends/requires SHA-2, which means you can drop to SHA-224 if the 1000 messages per day are placing too much of a burden on your server. Jeff On Mon, Nov 9, 2009 at 10:44 AM, Kirk81 <rigo_...@yahoo.it> wrote: > > Jeffrey Walton-3 wrote: >> >>> 1. For how many days can I use a 512-bit key? >> 0 >> > > Does a individual hackers have the NASA's PC? lol, I mean I'm looking about > the integer factorization problem and, from a SW point of view, I think only > a comunity of PCs can solve the problem in few time (less than one day?!) . > Am I wrong? Or can u do it with a standard PC? :-/ > > I'm also getting information about special HW for for attacking > cryptographic systems. Some papers (focused on the number-field sieve) > claims to be able to hack the 512-key in less than 10 minutes, but without > an actual implementation. > Is there any real implementation who can show me how much time someone need > to factor 512-key? Do you know it? cos i would like to know the currently > lifetime (minutes? lol) of the 512-bits key. > > > Jeffrey Walton-3 wrote: >> >> Try an elliptic curve. It will be about 8-12 times faster than RSA, >> with a smaller signature. Since your using SHA-256, use P-256 or >> B-233. >> :) >> Jeff >> > I've already implemented the ECDSA scheme in my application: using SHA-1 and > secp160k1. Yep. I'm pretty faster on the signer's side, but i'm actually > much slower on the verification side. > > Of course, with ECDSA, the lifetime of my key is quite longer, since HW > attacks appear infeasible on secp160k1. So, should i worry about an attack > on the SHA-1? or on the # of sent messages? > > thanks > -- > [SNIP] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
