[20326] in cryptography@c2.net mail archive
Re: NPR : E-Mail Encryption Rare in Everyday Use
daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Mar 8 12:08:40 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 02 Mar 2006 06:14:49 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Bill Stewart <bill.stewart@pobox.com>
Cc: Trevor Perrin <trevp@trevp.net>, cryptography@metzdowd.com
In-Reply-To: <6.2.1.2.0.20060228231628.035e3b58@pop.idiom.com>
--
Bill Stewart wrote:
> The real question with ECC, other than patents, which don't seem to
> interfere too much right now and will gradually go away, is how long
> the keys need to be, and how long they can be trusted. ~~160-bit
> keys were short enough to be convenient. 256-bit is probably about
> the limit - I've seen some discussion of 512-bit keys, and at that
> point you're pushed into message formats that make it inconvenient
> to exchange keys again. Is there a consensus view about what
> keylengths are reliable?
Except for special cases, breaking an n bit ECC system involves
2^(n/2) EC operations, and EC operations are slow.
So 160 bits is sufficient, and 255 bits small enough to hand the keys
around.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
p2QzZm1xG7xN9AVFcM1MUIw3KDIAp2MG0bf6c6UU
4hqypUw7qHAIittFmiU/1gQOoNSxTS+vQdHdbb0nT
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
