[tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

Zack Weinberg zackw at panix.com
Fri May 17 16:37:16 UTC 2013

On Fri, May 17, 2013 at 11:29 AM, David Vorick <david.vorick at gmail.com> wrote:
> Why are so many bits necessary? Isn't 128bits technically safe against brute
> force?

Not for RSA keys.  A 1024-bit RSA key is considered approximately as
strong as an 80-bit symmetric key; 2048-bit keys are approximately as
strong as a 112-bit symmetric key, and are the present recommended
keysize.  See https://www.rsa.com/rsalabs/node.asp?id=2004

(I imagine we will also be considering other asymmetric algorithms for
this change, some of which provide more like the usual 1:1
keysize-to-security-parameter ratio.)


More information about the tor-dev mailing list