Andrew Gallagher dijo [Wed, Aug 31, 2016 at 10:14:01AM +0100]: > I'm sceptical of the utility of ECC keys personally. They were first > proposed as a way of reducing work and storage space (because the > space of usable ECC keys is more compact than the sparsely > distributed RSA primes). But they've taken so long to catch on that > technology advancement has made their original justification largely > irrelevant (the only exception to my knowledge being DNSSEC, where > signature length restrictions are still important). And because the > ECC keyspace is more efficiently packed, it is theoretically *more* > susceptible to quantum attacks.
I'm far from a worthy crypto geek myself, but still — Storage space is not the decisive issue; storing a million 4096-bit keys is only an order of magnitude more than storing a million 256-bit keys (the same proportion would naturally apply for a single key), and information appended to the keys themselves (such as photo attributes and the signatures that constitute the web of trust) make the difference quite unnoticeable. What is really a difference is the arithmetic operations upon which they are based: Encryption and decryption under RSA are based on long series of multiplications (or rather, huge exponentiation). Under ECC, the operations are "just" series of additions. Adding is way cheaper for a computer than multiplying, so your hardware will be able to perform many, many more cryptographic operations with ECC than with RSA. _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
