Best Practices

Faramir faramir.cl at gmail.com
Mon Dec 13 01:37:03 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 10-12-2010 11:41, Robert J. Hansen escribió:
...
> Add a new UID and revoke the old.  You don't need to generate a new
> certificate.  RSA-4K is, IMO, phenomenal overkill for the vast majority
> of users.  Breaking RSA-2K is believed comparable in difficulty to
> breaking 3DES, and that prospect is ... let's just say "implausible."

  Based on Schneier's estimations in "Applied Cryptography, Second
Edition", I calculated breaking RSA 2048 would be between 1E7 and 1E9
times harder than breaking RSA 1024 (I divided the MIPS required to
break RSA 2048 by the MIPS required to break RSA 1024).

  I know the book is old, and the estimations might be wrong, but
still... there is a huge difference between breaking RSA 1024 (which so
far has not happened), and breaking RSA 2048. It's not like saying "it
would require 2 times more computing power", it's several orders of
magnitude harder.

  If RSA 1024 becomes breakable today, and after that factorizing keys
become 1000 times easier that it is today, and computers become 1000
times more powerful, they would still need at least 10 times more power
to break RSA 2048. Yes, a lot of if's, but still useful to give an idea
about how harder it would be.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEbBAEBCAAGBQJNBWqvAAoJEMV4f6PvczxAasYH92kLwCf2y9A5LvwQlLd/G2d4
jiUQ8PK922yAJ9UnjqAhJOoKJ3AtZw3URYp9IXGNJpUSgI1OSUVX5KHkCCwxaZWq
NZ5m/8euHkqLd6PBqDWlHnK0lrkgEj0kUZyvSs0iceFwCt+WR7vp9QT1kAqC3kTN
FCXGYKJzIhs8IkzYbYdD4BY6Lm4natCpN6mvA9btaF/Yi4UEyknu2Nmc1NCRlojY
8WfjdzNmFNWZH/ulkVRlfUgUF+gaFBZvuxByyCbFq0U4JwDwEfn34C2WXtamEDBd
wXGdXu7J5NN6ZHsN2iiKdFMmwdXop1iaAKy1/aOilw0W/bpuO3J2i1K4yBdK7w==
=hm7Y
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list