Re: [resend] Use of DNS to distribute keys



	 >Make it into a 1024 bit key, the minimum you need for real security,

	 I couldn't let this pass.  With our current knowledge, 1024 is
	 about the maximum useful RSA key size, not the minimum.  512
	 bits is plenty for most uses.  It is roughly where DES was 15
	 years ago: perhaps NSA can afford to break it but no one else
	 can.  If you're worried about NSA, 640 bits is entirely
	 adequate unless they know some mathematics the rest of us
	 don't.

I think it's safe to assume that NSA does indeed know more math.  Remember
that they'll permit 512-bit RSA to be exported easily.  That, to me,
speaks volumes...

Where the cutoff is, I couldn't say, but I assume they left themselves
some margin.