Understanding Problem with rsa min key length 1024

Stephen Harris lists at spuddy.org
Sat Apr 13 01:34:59 AEST 2019

On Fri, Apr 12, 2019 at 08:39:49AM -0400, Daniel Kahn Gillmor wrote:
> But even taking the labeling of the "key space" as you've given it, if
> your concern is that 1022 bits is too small of a key space (and it is,
> given how sparse primes are!), then the right approach in 2019 is to use
> 3072-bit keys (which you rightly point out are "only" choosing from a
> 3070-bit "key space"), not to quibble about whether it ought to be OK to
> select 2 as one of the factors.

FWIW, RSA 1024bit keys have approximately 80bits of strength.  RSA2048 is
112 bits (and is the minimum NIST requirement).  RSA3072 is 128bit.



More information about the openssh-unix-dev mailing list