[cryptography] [Cryptography] RSA equivalent key length/strength

ianG iang at iang.org
Thu Sep 19 05:32:40 EDT 2013

On 19/09/13 00:23 AM, Lucky Green wrote:
>> I get that 1024 bits is about on the edge, about equivalent to 80
>> bits or a little less, and may be crackable either now or sometime
>> soon.
> Moti Young and others wrote a book back in the 90's (or perhaps) 80's,
> that detailed the strength of various RSA key lengths over time. I am
> too lazy to look up the reference or locate the book on my bookshelf.
> Moti: help me out here? :-)

these days keylength.com is your friend :)  It tends to be 
internationalised so there is less bias.

> According to published reports that I saw, NSA/DoD pays $250M (per
> year?) to backdoor cryptographic implementations. I have knowledge of
> only one such effort. That effort involved DoD/NSA paying $10M to a
> leading cryptographic library provider to both implement and set as
> the default the obviously backdoored Dual_EC_DRBG as the default RNG.

Bingo!  The dots are now filled in.  NSA -> NIST -> supplier.

That's precisely what I would do if I were them:


> This was $10M wasted. While this vendor may have had a dominating
> position in the market place before certain patents expired, by the
> time DoD/NSA paid the $10M, few customers used that vendor's
> cryptographic libraries.
> There is no reason to believe that the $250M per year that I have seen
> quoted as used to backdoor commercial cryptographic software is spent
> to any meaningful effect.

Somewhat fun to enjoy salacious results from their keystone cops antics, 
yes, but the important thing is to develop the threat model.  Having 
some clear line of the process clarifies it immensely.

We now have to review NIST in its entirety.


More information about the cryptography mailing list