On 15/04/12 17:01, toredhiddenu...@tormail.net wrote:
> Hello guyz and cryptobrains! :P
> One of the main disadvantages of EC on openssl seems to be the inability
> to create arbitrary-sized keys and advantage for RSA: you can create 32768
> bit RSA key but... not greater than 521 bits on ECC.
> Will this continue to be a disadvantage or can 32768 RSA key be used instead?
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org

Well, there are a few points to consider here.

First of all there is nothing about the openssl EC library that
restricts the key length. It is perfectly possible to define curves
which support key lengths of any size that you desire. However, the
library provides numerous standard curves (which support specific
defined key lengths) for you to use which in most circumstances are
going to be perfectly acceptable. I wouldn't recommend defining your own
curve unless you really know what you are doing. If however you can find
a curve that supports the key length you want, then you can use the
library to create it.

Secondly you cannot directly compare RSA key lengths and EC key lengths.
RSA keys are *much* longer than the equivalent EC key size for the same
security... and the effect becomes more pronounced the more security that
you desire. So:

- An RSA key size of 1024 bits is equivalent to 160 bits EC (or 80 bit
  symmetric such as AES)
- RSA key size of 3072 bits is equivalent to 256 bits EC (or 128 bit
  symmetric)
- RSA key size of *15360* bits is equivalent to 512 bits EC (or 256 bit
  symmetric)

Finally, of course, whilst it is possible to define very long key
sizes for RSA, the practicalities of doing so mean that using EC is by
far the better choice. Consider the performance difference you are
likely to get working with 15360 bit numbers compared with 512 for EC!

Matt
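The key-size equivalences discussed in the reply above can be approximated numerically. The following is an added example, not part of the original thread and not OpenSSL code: it estimates RSA strength with the GNFS running-time heuristic in the form NIST gives in its FIPS 140-2 Implementation Guidance, and EC strength as half the curve size. The function names are hypothetical, and the results are estimates that land near, not exactly on, the rounded figures quoted in the message.

```python
# Added example: heuristic key-strength estimates, not OpenSSL code.
import math


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of an RSA modulus.

    GNFS running-time heuristic (assumption: constants as published in the
    NIST FIPS 140-2 Implementation Guidance). Treat the output as an estimate.
    """
    n = modulus_bits * math.log(2)
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return work / math.log(2)


def ec_strength_bits(field_bits: int) -> int:
    """Generic attacks on a prime-order curve cost about 2^(n/2) operations."""
    return field_bits // 2


def rsa_bits_for_strength(target_bits: float, step: int = 256) -> int:
    """Smallest modulus size (a multiple of `step`) reaching the target."""
    size = step
    while rsa_strength_bits(size) < target_bits:
        size += step
    return size


def compare(rsa_sizes, ec_sizes):
    """Rows of (kind, key bits, estimated strength), weakest first."""
    rows = [("RSA", b, round(rsa_strength_bits(b))) for b in rsa_sizes]
    rows += [("EC", b, ec_strength_bits(b)) for b in ec_sizes]
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    # Key sizes mentioned in the thread.
    for kind, bits, strength in compare([1024, 3072, 15360, 32768],
                                        [160, 256, 512, 521]):
        print(f"{kind:>3} {bits:>6} bits  ~{strength}-bit security")
    print("RSA bits needed to match a 512-bit curve:",
          rsa_bits_for_strength(ec_strength_bits(512)))
```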