Re: ECC in Botan?
"Ertugrul Söylemez" <es@xxxxxxxx> wrote in message
news:h73at4$r2d$1@xxxxxxxxxxxxxxxxxx
George Orwell schrieb:
"Ertugrul Söylemez" <es@xxxxxxxx> wrote in message
news:h72ulp$bm5$1@xxxxxxxxxxxxxxxxxx
George Orwell schrieb:
Why do you need RSA-4096? Why are RSA-2048 or RSA-1536 inadequate?
My goal is to create an encryption protocol whose strength is beyond
reproach and hopefully will never need a second version.
Then using RSA-4096 is the wrong way to go. What you want is not
extraordinarily large key sizes, but a flexible protocol, which can be
adapted to future needs.

My protocol already allows multiple versions, but I'm hoping that I
never need to update it. That's why I'm choosing enormous key-sizes. My
goal is for the protocol to be safe for the next 50 years, taking
exception to the fact that a Quantum Computer may be developed during
that time span, which will most likely make both AES and RSA worthless.

Quantum computers don't defeat AES. Where n is size of the domain of an
injective function, a quantum computer finds preimages of it in sqrt(n)
steps. This means that it breaks AES-128 in 2^64 steps. I have read
somewhere that such a step will take a considerable amount of time. If
you want to make sure, use AES-192.


If that's true, wouldn't that argue in favor of cascading AES with,
say, Serpent?

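The two points raised in the quoted exchange, a protocol that can be re-keyed to new algorithms without a new version and the Grover square-root argument for symmetric key sizes, can be shown together in a small added example. This is illustration code written for this page, not code from the thread, from Botan, or from any real protocol; the suite identifiers, suite names and the header layout are hypothetical, and the 96-bit default margin is simply the post-Grover work factor of AES-192 that the quoted advice recommends.

```python
import struct

# Hypothetical cipher-suite registry, constructed for this example. Moving to a
# stronger or post-quantum suite later means adding an entry here (and
# deprecating the old one), not shipping a new protocol version.
SUITES = {
    0x0001: {"name": "AES-128-GCM + RSA-2048", "sym_key_bits": 128},
    0x0002: {"name": "AES-192-GCM + RSA-3072", "sym_key_bits": 192},
    0x0003: {"name": "AES-256-GCM + RSA-4096", "sym_key_bits": 256},
}
DEPRECATED_SUITES = set()          # suite ids that must no longer be accepted
PROTOCOL_VERSION = 1
HEADER = struct.Struct(">BHI")     # version (1 byte), suite id (2), payload length (4)


def grover_margin_bits(sym_key_bits):
    """Grover's algorithm finds an n-bit key in about 2^(n/2) steps, so the
    work factor left against a quantum adversary is n/2 bits (AES-128 -> 64)."""
    return sym_key_bits // 2


def encode_message(suite_id, payload):
    """Wrap a payload in a versioned, suite-tagged header."""
    if suite_id not in SUITES or suite_id in DEPRECATED_SUITES:
        raise ValueError("suite %#06x not available" % suite_id)
    return HEADER.pack(PROTOCOL_VERSION, suite_id, len(payload)) + payload


def decode_message(blob, min_quantum_margin_bits=96):
    """Parse a header, enforcing the version, suite validity and a minimum
    post-Grover key margin (the default of 96 bits admits AES-192 and up)."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    version, suite_id, length = HEADER.unpack_from(blob)
    if version != PROTOCOL_VERSION:
        raise ValueError("unsupported protocol version %d" % version)
    suite = SUITES.get(suite_id)
    if suite is None or suite_id in DEPRECATED_SUITES:
        raise ValueError("unknown or deprecated suite %#06x" % suite_id)
    margin = grover_margin_bits(suite["sym_key_bits"])
    if margin < min_quantum_margin_bits:
        raise ValueError("suite %s leaves only %d bits against Grover search"
                         % (suite["name"], margin))
    payload = blob[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return suite["name"], payload


if __name__ == "__main__":
    # Constructed sample message: an AES-192 suite passes the default margin,
    # an AES-128 suite is rejected without any change to the protocol version.
    msg = encode_message(0x0002, b"constructed sample payload")
    print(decode_message(msg))
    try:
        decode_message(encode_message(0x0001, b"x"))
    except ValueError as exc:
        print("rejected:", exc)
```

The design choice is the one argued for in the quoted reply: strength lives in the suite table and the receiver's acceptance policy, both of which can be tightened later, while the version byte is reserved for changes to the header format itself. A deployment that wanted to follow the "use AES-192" advice would simply add suite 0x0001 to `DEPRECATED_SUITES`.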