undefined | Better HN

0 pointsmasklinn6y ago0 comments

https://blog.trailofbits.com/2019/07/08/fuck-rsa/ covers that.

The executive summary is that while it's possible to implement and use RSA properly:

* it looks easy to implement so it's common for people to roll their own (and then it's insecure or broken), ECC look hard (though aren't necessarily) so devs are more likely to use properly vetted libraries

* because most of the parameters must be kept secret, good advice is hard to find (and good parameter selection is absolutely critical), not to mention e.g. good exponents has complexity and performance implications[0], ECC parameters are public and you can pick existing good ones.

[0] and security grows sub-linearly with parameter size: 2048-bit RSA has 112 bits of security, 4096-bit RSA has 140 bits of security

0 comments

cpach6y ago

That article was discussed on HN about a week ago and there are some interesting comments on that thread: https://news.ycombinator.com/item?id=20381779

j / k navigate · click thread line to collapse

0 pointsmasklinn6y ago0 comments

https://blog.trailofbits.com/2019/07/08/fuck-rsa/ covers that.

The executive summary is that while it's possible to implement and use RSA properly:

[0] and security grows sub-linearly with parameter size: 2048-bit RSA has 112 bits of security, 4096-bit RSA has 140 bits of security