On 12/04/16 17:37, Rick Moen via luv-main wrote:
Quoting Trent W. Buck (trentbuck@gmail.com):
Because, like, RSA needs to be a lot longer than EC to provide the same security level.
but wonder if you can refer me to background materials about cryptographic strength.
Ecrypt have published a couple of reports on keysizes. A 512bit EC keysize is roughly equivalent to a 15424 bit RSA keysize. http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf These are really just a statement of the mathematical difficulty of brute forcing the keys using the best current algorithms, eg a general number field sieve for prime factoring vs a naive meet-in-the-middle attack to find a discrete logarithm. There are no mathematical proofs of the hardness of any of these problems. As you point out, security also involves other factors - how well an algorithm has been examined by third parties, the soundness of the protocols, endpoint security, and so on. Glenn -- sks-keyservers.net 0x6d656d65