Hi Ewen

On 9/06/2011, at 3:36 PM, Ewen McNeill wrote:

> On 2011-06-09 15:25 , Jay Daley wrote:
>> Taking your engineering argument as a way forward - the largest RSA key to have been broken so far (that is publicly known) is 1023 bits and even that was a very special key. A 1280 bit key is 2^257 [stronger, so we have years]
>
> You appear to be under the impression that advances in cryptographic key breaking only ever proceed at a linear pace, exactly matching Moore's Law improvements in equipment.
>
> This is not the case.

That wasn't my intention. I'm aware of the crypto advances you've detailed below, but what I was hoping to illustrate is just how large the margin of improvement needs to be for a 1280 bit key to be regarded as unsafe, even taking into account the possibility of clever advances jumping forward the rate by several orders of magnitude.

cheers
Jay

> Better cryptographic attacks are discovered from time to time that make it not just linearly easier to break a given key/cipher, but advance at the equivalent of many times "Moore's Law" gains at the stroke of a pen. This happened to MD5 about 5 years ago, hence my statement that it went at a moment from "a little weak, but okay for now" to "we have to change algorithms" in the release of a single research paper. (See, eg, http://en.wikipedia.org/wiki/MD5#Security for a summary of the events.)
>
> For this reason, in cryptographic engineering, one allows not just a linear amount of margin for safety ("most we can break now is 1023-bit, Moore's law doubles every 18 months, we need 3 years, so 1025-bits will be enough") but quite a bit more, in order to deal with the risk that 10%, 20%, or more, of the perceived key strength can be rendered irrelevant by a single research paper.
>
> Ewen

-- 
Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840
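To put numbers on the margin arithmetic discussed in the exchange above (a "linear" Moore's-law margin versus an extra allowance for a single paper erasing 10%, 20% or more of the perceived strength), here is an added worked example; it is not code from either correspondent. It uses the standard heuristic general number field sieve cost, L[1/3, (64/9)^(1/3)], as a relative work estimate for factoring an RSA modulus (lower-order terms are dropped, so the figures are comparative rather than absolute operation counts), together with the 18-month doubling period and 3-year horizon quoted above. The function names, and the modelling of an algorithmic advance as a fixed fraction of the log2 work, are my own assumptions for illustration.

```python
import math

LN2 = math.log(2)
# Heuristic GNFS constant (64/9)^(1/3) ~ 1.923. Lower-order terms are ignored,
# so gnfs_log2_work() gives relative effort, not an absolute operation count.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_log2_work(bits: float) -> float:
    """log2 of the heuristic GNFS effort to factor a `bits`-bit RSA modulus n:
    L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), with ln n = bits*ln 2."""
    ln_n = bits * LN2
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


def key_bits_for_log2_work(target: float, lo: float = 128.0, hi: float = 65536.0) -> float:
    """Invert gnfs_log2_work by bisection; the estimate is monotonic on this range."""
    for _ in range(200):
        mid = (lo + hi) / 2
        if gnfs_log2_work(mid) < target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


def linear_margin_bits(broken_bits: float, years: float, months_per_doubling: float = 18.0) -> float:
    """Key size that stays just ahead of the largest public break if the only
    assumed improvement is Moore's-law hardware growth over `years` years
    (the "linear" margin in the quoted paragraph)."""
    doublings = years * 12 / months_per_doubling
    return key_bits_for_log2_work(gnfs_log2_work(broken_bits) + doublings)


def margin_with_algorithmic_risk(broken_bits: float, years: float, fraction_lost: float,
                                 months_per_doubling: float = 18.0) -> float:
    """As linear_margin_bits, but also assume one research result could remove
    `fraction_lost` of the log2 work (0.2 for 20%). Assumption: the loss is
    modelled as a fixed fraction of log2 work, so required work scales by 1/(1-f)."""
    needed = gnfs_log2_work(broken_bits) + years * 12 / months_per_doubling
    return key_bits_for_log2_work(needed / (1 - fraction_lost))


def moore_years_equivalent(bits: float, fraction_lost: float, months_per_doubling: float = 18.0) -> float:
    """Years of Moore's-law growth that a one-off algorithmic gain removing
    `fraction_lost` of the work against a `bits`-bit key is equivalent to."""
    return gnfs_log2_work(bits) * fraction_lost * months_per_doubling / 12


if __name__ == "__main__":
    for k in (1023, 1280, 2048):
        print(f"{k:5d}-bit RSA: GNFS work ~ 2^{gnfs_log2_work(k):.1f}")
    print(f"linear 3-year margin over a 1023-bit break: ~{linear_margin_bits(1023, 3):.0f} bits")
    for f in (0.1, 0.2):
        print(f"with {f:.0%} algorithmic loss allowed: "
              f"~{margin_with_algorithmic_risk(1023, 3, f):.0f} bits")
    print(f"20% loss on a 1280-bit key ~ {moore_years_equivalent(1280, 0.2):.1f} "
          f"years of 18-month doublings")
```

Under these assumptions the estimated work rises by roughly nine doublings between 1023 and 1280 bits, keeping three years ahead of a 1023-bit break on hardware growth alone already needs well over 1025 bits, and allowing for a single 20% loss pushes the requirement to around 1800 bits. A 20% loss against a 1280-bit key is worth close to thirty years of 18-month doublings, which is the scale of "stroke of a pen" change the quoted paragraph is describing.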