Re: [tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

On Fri, May 17, 2013 at 11:29 AM, David Vorick david.vorick@gmail.com wrote:

Why are so many bits necessary? Isn't 128bits technically safe against brute force?

Not for RSA keys. A 1024-bit RSA key is considered approximately as strong as an 80-bit symmetric key; 2048-bit keys are approximately as strong as a 112-bit symmetric key, and are the present recommended keysize. See https://www.rsa.com/rsalabs/node.asp?id=2004

(I imagine we will also be considering other asymmetric algorithms for this change, some of which provide more like the usual 1:1 keysize-to-security-parameter ratio.)

zw