On 09/25/2017 01:54 AM, Mark D. Baushke wrote:
With the group18 8192-bit MODP prime, we are getting just under 192-bits of security... depending on how you calculate it. (I think I read somewhere that, going to 16384 (2^14) will get us to approximately 229-bits of security and 32768 (2^15) will get us to almost 267-bits of security, but I am unable to find the reference right now.... sigh.)
According to NIST Special Publication 800-57, Part 1, Revision 4, p. 53, (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf), a 7680-bit modulus is estimated to provide 192 bits of security. Hence, a 8192-bit modulus would provide a little over 192.
It also estimates that 256-bits of security is achieved with 15360-bit moduli.
- Joe _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev