ietf-smime
[Top] [All Lists]

Re: Comments on x942-05 draft

1999-02-17 15:12:14

John said:
In 2.2, 2nd paragraph, suggest changing "...m MUST be >=160" -> "...m MUST
be >= 160 bits in length". Later in the paragraph, is 160 bits intended as
the appropriate minimum length for p?  (Note, by comparison, that X9.42
requires a multiple of 256 bits with a minimum of 512.)

Then Eric replied:
I'd prefer 160. 512 seems like overkill, and has unpleasant performance
tradeoffs.

I do not have a problem allowing people to have 512-bit private keys.  The
performance impact is imposed on themselves.  I also think that we should
permit 160-bit private keys for those people that belive 80-bit security is
useful.

In summary, I think that we should allow private keys to be between 160 and
512 bits.

Russ