Subject: Re: OpenSSH key size
To: Ted Unangst <>
From: Steven M. Bellovin <>
List: tech-security
Date: 09/15/2005 22:15:51
In message <Pine.BSO.4.61.0509152158060.29212@af.pbqrshfvbavf.pbz>, Ted Unangst
>On Thu, 15 Sep 2005, Michael Richardson wrote:
>> John Gilmore suggested that 2048 is the wrong number. One should add
>> ~100 to that number.  
>> The concept being, if someone builds a machine that can crack 2048-bit
>> numbers, it won't be able to do 2049-ones. A machine that can do 2049
>> may well be able to 4096. So, you get the brute-force resistance of 4096
>> (in terms of $$$ to build) without the cost. 
>> This is not a technical argument -- it is an economic one.
>hopefully there is some sort of technical argument to support this 
>"factoring machines only come in powers of two" idea?  without any more 
>detail, it kinda sounds like "256 bit keys are twice as hard to crack as 
>128 bit keys".

I don't believe there is any such limit.  However, the cost of these 
machines is *highly* non-linear in the key size.  

		--Steven M. Bellovin,