>Make it into a 1024 bit key, the minimum you need for real security,

I couldn't let this pass. With our current knowledge, 1024 is
about the maximum useful RSA key size, not the minimum. 512
bits is plenty for most uses. It is roughly where DES was 15
years ago: perhaps NSA can afford to break it but no one else
can. If you're worried about NSA, 640 bits is entirely
adequate unless they know some mathematics the rest of us
don't.

I think it's safe to assume that NSA does indeed know more math. Remember
that they'll permit 512-bit RSA to be exported easily. That, to me,
speaks volumes...
Where the cutoff is, I couldn't say, but I assume they left themselves
some margin.