Asymmetric Key sizes
Liaquat Khan
LKhan at zergo.com
Wed, 10 Feb 1999 17:52:42 -0000
The RSA challenge RSA-140, a 140-digit modulus (about 465-bits long) was
factored into two 70-digit prime numbers, using the Number Field Sieve(NFS),
recently, see http://jya.com/rsa140.htm.
512-bit keys were considered on the small size for a quite while now, but
they are definitely too close for comfort after this (although key length is
really dependent on the application, I feel, the (absolute) minimum key
length (for RSA) one should really use is 640-bits).
regards,
Liaquat Khan
-----Original Message-----
From: Parker Tom TA [mailto:Tom.A.Parker@icl.com]
Sent: 10 February 1999 15:02
To: 'ukcrypto@maillist.ox.ac.uk'
Subject: Asymmetric Key sizes
Although a lot is being said about the shrinking level of security offered
by various symmetric key sizes, with 56 bits coming in for a lot of stick,
haven't seen anything lately on asymmetric attacks. Has anyone any
information on the latest successful attack position on asymmetric keys, RSA
in particular? How secure is 512 bits considered now, and why? What's the
current recommended key size? Has anything been published that is later than
the now rather old (January 1996) "Report by the Ad Hoc Group of
Cryptographers and Computer Scientists"?
Thanks in advance,
Tom Parker
tom.a.parker@icl.com