On 10-07-2010 20:13, Jeffrey Walton wrote:
The general approach is to encrypt data using a symmetric cipher (e.g.,
AES-256) with a randomly-generated key, and then encrypt that symmetric key
with the RSA (public) key.
AES-256 requires a RSA modulus with an equivalent strength, which is a
15360 (IIRC). If you choose RSA-1024 or RSA-2048, you are off by
orders of magnitude.
Are you sure about those numbers? I know that proponents of ECC
cryptography have been roundly criticized for putting forward those
specific numbers and for talking NIST into repeating them in their
official publications.
When the 15360 bit number was put forward as the RSA and DH key length
needed to match the strength of 256 bit ECC keys, proponents of the RSA
and DH algorithms said that the number was wildly exaggerated and
proposed some much smaller values. I don't know if the general crypto
research community has since formed a consensus on what the real
numbers are.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
