[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [resend] Use of DNS to distribute keys

To: kaufman@zk3.dec.com
Subject: Re: [resend] Use of DNS to distribute keys
From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Mon, 20 Sep 1993 10:42:05 -0400
Cc: pem-dev@tis.com, ipsec@ans.net, namedroppers@nic.ddn.mil
In-Reply-To: Your message of "Mon, 20 Sep 1993 10:01:59 EDT." <9309201402.AA02037@abyss.zk3.dec.com>
Reply-To: pmetzger@lehman.com


kaufman@zk3.dec.com says:
> >Make it into a 1024 bit key, the minimum you need for real security,
> 
> I couldn't let this pass.  With our current knowledge, 1024 is about
> the maximum useful RSA key size, not the minimum.  512 bits is plenty
> for most uses.

I would suggest that you have not been reading the crypto literature
of late. I will gladly provide references if you insist.

I know people who are using keys larger than 1024 bits -- they have no
trouble with them, since the RSA keys are only used to encrypt a
conventional key. I can't see a "maximum" useful size below about
5kbit, and that maximum will only rise.

Rumor I hear has it that the military uses 1024 bit keys and larger,
which makes me think that the open literature isn't wrong.

Perry

References:

Re: [resend] Use of DNS to distribute keys

From: kaufman@zk3.dec.com

Prev by Date: Re: [resend] Use of DNS to distribute keys
Next by Date: Re: [resend] Use of DNS to distribute keys
Prev by thread: Re: [resend] Use of DNS to distribute keys
Next by thread: Re: [resend] Use of DNS to distribute keys
Index(es):
- Main
- Thread