I'm trying to mind p's and q's here ;-). I was questioning the last
sentence in 2.2's 2nd paragraph, which states "p must be a minimum of 160
bits long", recognizing X9.42's recommendation for a significantly larger p.
Earlier in the same paragraph, there's a separate statement about q being at
least 160 bits; I wasn't asking about that or private key sizes, just
specifically about p.
Sent: Wednesday, February 17, 1999 5:19 PM
To: Russ Housley
Cc: jlinn(_at_)securitydynamics(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject: Re: Comments on x942-05 draft
Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
In 2.2, 2nd paragraph, suggest changing "...m MUST be >=160" -> "...m
be >= 160 bits in length". Later in the paragraph, is 160 bits
the appropriate minimum length for p? (Note, by comparison, that
requires a multiple of 256 bits with a minimum of 512.)
Then Eric replied:
I'd prefer 160. 512 seems like overkill, and has unpleasant performance
I do not have a problem allowing people to have 512-bit private keys.
performance impact is imposed on themselves. I also think that we
permit 160-bit private keys for those people that belive 80-bit security
In summary, I think that we should allow private keys to be between 160
That's no problem, but John indicates that X9.42 has a MINIMUM of 512,
which I consider unacceptable.
As far as I'm concerned people should be allowed to go up to |p|
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]