Joseph Ashwood writes:
> Bernstein's proposal does have an impact, but I do not believ that 3x the
> key size is necessary
> I believe Bernstein's proposal results in the necessity of a keysize of
> approximately 1.5 times what was required before
> I believe that there are further similar advance
I have done a significant amount of considering on the very questions raised
in this. This consideration has spanned approximately a month of time. These
are my basic conclusions:
Bernstein's proposal does have an impact, but I do not believ that 3x the
key size is necessary
I believe Bernstein's
On Mon, 25 Mar 2002, Bill Stewart wrote:
> While SSL implementations are mostly 1024 bits these days,
> aren't PGP Diffie-Hellman keys usually 1536 bits?
I think there's a general consensus that the minimum
recommended key size for X9.42 Diffie-Hellman PGP keys
is 1024bits. I'm not sure if the
On Thu, 28 Mar 2002, Lucky Green wrote:
:Which brings me to an issue that I hope may be on-topic to this mailing
:list: I would like to be able to enforce that the keys my users can use
:to authenticate themselves to my sshd to be of a minimum size. Is there
:a config option to sshd that will reje
[OK, let me try this again, since we clearly got off on the wrong foot
here. My apologies for overreacting to Damien's post; I have been
receiving dozens of emails from the far corners of the Net over the last
few days that alternatively claimed that I was a stooge of the NSA
because everybody kno
> Here's a real question: if you could build a special purpose machine
> to do 1024 bit RSA keys (that is, factor a 1024 bit number), how much
> would that help with discrete logs in a safe prime field?
Solving discrete logs via NFS is structurally similar to factoring.
You start off with a facto
You know, Lucky, most of the people here have been around the block a
few times, and your previous post is just classic Usenet whinage.
Complaining about puncuation indeed. Spare us, please.
Look, we've all read the background. The improvement is a function
f(n) which for large n may approach 3
I think it wouldn't hurt to use 2048 bit RSA keys for anything that
supports them. I've been using 2048 bit RSA keys with PGP since 1995
based on the assumption even given uncertainty about the future of
factoring that double the key size can't hurt, and didn't make any
significant difference to
Here's the distribution of RSA key sizes in SSL servers, as
recorded by my SSL server survey in June 2000 and June 2001
RSA Server Key size
Key bits2000 2001
2048 .2% .2%
1024 70% 80%
>= 1
On Mon, 25 Mar 2002, Bill Stewart wrote:
> While SSL implementations are mostly 1024 bits these days,
> aren't PGP Diffie-Hellman keys usually 1536 bits?
The ElGamal encryption keys (Diffie-Hellman is a misnomer in PGP's case)
are usually 2048 bits, though the DSA signing keys are almost always
At 05:38 PM 03/23/2002 -0800, Lucky Green wrote:
>While the latter doesn't warrant comment, one question to ask
>spokespersons pitching the former is "what key size is the majority of
>your customers using with your security product"? Having worked in this
>industry for over a decade, I can state
In article <00e101c1d2d8$c9768080$c33a080a@LUCKYVAIO>,
Lucky Green <[EMAIL PROTECTED]> wrote:
>The panel, consisting of Ian Goldberg and Nicko van Someren, put forth
>the following rough first estimates:
I'd just like to credit the "O(minutes)" calculation to Nicko;
my own opinion was that:
- We
Lucky Green writes:
> The panel, consisting of Ian Goldberg and Nicko van Someren, put forth
> the following rough first estimates:
>
> While the interconnections required by Bernstein's proposed architecture
> add a non-trivial level of complexity, as Bruce Schneier correctly
> pointed out in his
[The LNE node bounced my first attempt at sending this email since it
exceeded the length constraints. My apologies if you are receiving this
email twice].
As those of you who have discussed RSA keys size requirements with me
over the years will attest to, I always held that 1024-bit RSA keys
cou
14 matches
Mail list logo
