From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 29 May 1996 08:15:58 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Layman's explanation for limits on escrowed encryption ...
In-Reply-To: <Pine.LNX.3.93.960527203358.1163A-100000@gak>
Message-ID: <9605281800.AA00525@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Mark M. <markm@voicenet.com> writes:
>  The normal key-length recommendation was 96 bits.  64 bits
>  and 80 bits are equivalent to 512 bits and 768 bits respectively.
>  I would guess that a 1024-bit key is about as strong as an
>  96-bit key.  The first two numbers are from _Applied
>  Cryptography_; my estimate is an extrapolation from the data
>  = in AC.

These number should be qualified with the date on which the estimate was  
determined.  New factoring techniques increase the number of RSA key bits  
required to make factoring work equivalent to a given brute-force search.

Also, I would think that the NFS makes 512 bit RSA key factoring easier than  
brute-forcing 64-bits of key space...


andrew