Triple your RSA key lengths

[ciphergoth]

I've been waiting to hear from one of the really heavyweight experts whether there's any meat behind Bernstein's fast factoring proposals before saying anything.

Bob Silverman just posted a first impression to sci.crypt; he can't see why it wouldn't be practical, and is now recommending 2048-bit keys instead of the 1024-bit keys he used to recommend.

Comments

[lovingboth]

I think this was inevitable, given how much research has gone into this. The good thing is that it was done by someone who's not working for someone like GCHQ (didn't they invent RSA years before R S and A?)

[ciphergoth.livejournal.com]

I think this was inevitable, given how much research has gone into this.

Not sure you can really reason about crypto like that - otherwise, we couldn't really have confidence in anything at any key length...

[lovingboth]

Yeah, but for factoring large numbers you're talking pure mathematics and ways to make things easier rather than easy.

[ciphergoth.livejournal.com]

Well, the same is true for finding discrete logarithms over elliptic curves or Schnorr groups, but the shortcuts there (in the general case) aren't up to much more than a square root of brute force attack (they're based on collision finding). I don't think I know what you're getting at. If every attack is always destined to be succeeded by an exponentially better one, we might as well give up and go home.