9front - general discussion about 9front
From: "Frank D. Engel, Jr." <fde101@fjrhome.net>
To: 9front@9front.org
Subject: Re: [9front] auth/rsagen: bump bits to 4096
Date: Mon, 27 Nov 2023 07:22:27 -0500
Message-ID: <2b64e3a3-b557-40c4-891f-3b8aa9284fe7@fjrhome.net>
In-Reply-To: <CAFSF3XPOb+_b3avZXamGE=5PRYf=GFJi5A-x-JV+urC=tvUmcQ@mail.gmail.com>

Two different things:

2030 is the year that NIST is estimating that *conventional* computers 
will approach being powerful enough to make a 2048-bit RSA key 
sufficiently insecure.

Quantum computers are expected to be further out but are expected to
break even 4096-bit RSA much more quickly than conventional computers
would, so teams are working to replace RSA completely with new algorithms
- that is on a different (and less well-understood) timetable.


On 11/27/23 04:50, hiro wrote:
> this doesn't sound very believable. or has somebody succeeded to
> timetravel from 2030 and prove that there are usable quantum
> computers?
>
> i suggest not letting the quantumscarecrows onto this ml
>
> On 11/27/23, Frank D. Engel, Jr. <fde101@fjrhome.net> wrote:
>> This is the recommendation from NIST:
>>
>> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
>>
>> A 2048-bit RSA key has a "security strength" of 112 bits (page 54).
>>
>> NIST considers encryption with a security strength of 112 bits to be
>> acceptable protection through 2030 but not beyond that (page 59).
>>
>>
>> See also:
>> https://www.gradenegger.eu/en/which-key-sizes-should-be-used-for-certification-bodies-and-certificates/
>>
>> That document indicates that a German government security organization
>> considers less than 3000 bits with RSA to be unacceptable even now.
>>
>>
>> Of course, RSA is known to be vulnerable to an algorithm which could be
>> implemented on a sufficiently large quantum computer; while such a
>> computer is currently believed to be over a decade away, there have been
>> known cases of full encrypted exchanges being captured and stored for
>> longer periods of time than that to be decrypted after the technology
>> improves to be able to crack the data.  Depending on the sensitivity of
>> the information, this could be a factor for some.
>>
>>
>> There are groups making various efforts to develop new algorithms
>> designed to be safe against quantum computers:
>>
>> https://en.wikipedia.org/wiki/Post-quantum_cryptography
>>
>>
>>
>> On 11/26/23 19:42, ori@eigenstate.org wrote:
>>> Quoth Frank D. Engel, Jr. <fde101@fjrhome.net>:
>>>> Presumably 2048-bit RSA is good until 2030 - but that is less than 7
>>>> years away and keys created today may still be in use long past that
>>>> time.
>>> This is getting closer to a useful description of why,
>>> but can you explain *how* you concluded that these keys
>>> are good until 2030?
>>>
>>>
>>>
>>

