|
|
|
|
|
|
by tptacek
1075 days ago
|
|
|
Why would deploying 2048 bit RSA be a mistake? If you believe 2048 is threatened in a meaningful time frame, when 1024 hasn't even been broken (thus sort of implying that the collapse of 2048 will occur in a much shorter time frame than the one separating 512 and 1024), is there any realistic RSA key size that should make you comfortable? |
|
|
1. it's reasonable to assume the NSA is a decade ahead and has more computers than academia.
2. you want your secrets to last a decade (or longer)
3. the total amount of data you're encrypting per client is only 256 bits anyway (the size of a symmetric key) so the absolute performance impact is relatively minimal