Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Because 4096 bit RSA is a lot slower and bigger and those things matter. And there isn't any upside? If you're actually worried about 2048-bit RSA (and you should not be), you should switch to one of the elliptic curve schemes.


All other things equal, 256-bit elliptical curve cryptography is going to break before RSA2048 does with quantum computing advances.

Do NOT switch to ECC if your threat model includes a quantum computer arriving.

Either use larger RSA keys or more appropriately a hybrid signature scheme combining one of NIST's PQC signatures and a traditional algorithm.

https://csrc.nist.gov/Projects/post-quantum-cryptography/sel...


I'm not actually sure about this. the elliptic curve schemes are just as broken with quantum computers, and the larger key size of rsa seems like it might add a few years of overhead in terms of qbits needed. not an expert though




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: