Subject: Re: OpenSSH key size
To: Ted Unangst <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 09/15/2005 22:15:51
In message <Pine.BSO.firstname.lastname@example.org>, Ted Unangst
>On Thu, 15 Sep 2005, Michael Richardson wrote:
>> John Gilmore suggested that 2048 is the wrong number. One should add
>> ~100 to that number.
>> The concept being, if someone builds a machine that can crack 2048-bit
>> numbers, it won't be able to do 2049-ones. A machine that can do 2049
>> may well be able to 4096. So, you get the brute-force resistance of 4096
>> (in terms of $$$ to build) without the cost.
>> This is not a technical argument -- it is an economic one.
>hopefully there is some sort of technical argument to support this
>"factoring machines only come in powers of two" idea? without any more
>detail, it kinda sounds like "256 bit keys are twice as hard to crack as
>128 bit keys".
I don't believe there is any such limit. However, the cost of these
machines is *highly* non-linear in the key size.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb