On Fri, Jun 10, 2011 at 07:46:24AM +1200, Joel Wiramu Pauling wrote:
On 06/09/2011 11:23 PM, Ewen McNeill wrote:
However the KSK bit size is on the sticker on the outside, and easily measurable, so is likely to be a point of
Having waded through this thread, I am going to offer an opinion - an opinion that, thus far has served me well.
If you are going to go through the hassle of deploying encryption; whether it be for security, or trust - then you might as well go through the effort of ensuring that use the highest available key sizing available.
I know there are a lot of technical and performance issues to consider, but as I said this little mantra makes sense based purely on increasing computational power gains. Why settle for something that may be compromised in 5 years when you can get 10 years to begin with.
-JoelW
Well - thats an easy answer for me: ) bigger keys == bigger packets == more cost of bandwidth ) bigger keys == bigger packets == more cost for CPU ) bigger keys -WITH THE SAME ALGORITHM- are vulnerable to cracks in the algo. So 10years is likely worthless for me. YMMV of course. /bill