Cryptographic keys RSA vs Eliptic Curve Cryptography

Is there anyone here who uses cryptographic keys? If so which ones do you use and in what way; i.e,… software or linux cli ? Which one is superior; RSA or ECC?

How long will it take until quantum computers are able to render GNU PG, GPG or PGP keys useless?

Are there any takers for these questions?

None of them are secure against quantum computers. All the three -RSA, ECC and Diffie-Hellman.

Supersingular isogeny Diffie–Hellman key exchange (ECC crypto over finite field) claimed of being quantum resistant, but later got broken by a laptop.

ECC Diffie-Hellman and RSA should not be used as it can be defeated using Shor’s algo on Quantum computers. I understand the use of ECC as it’s very fast but RSA is very slow (it’s algorithm makes me wanna throw up).

Usage of NTRU-Encrypt or RLWE-KEX should become more mainstream as they are quantum resistant algo.

None of them. RSA is slow as a turtle and is susceptible to Chosen-ciphertext attack - Wikipedia ECC is susceptible to side channel attacks.

As of right now, they are both unbreakable. When they can be broken, both of them will be broken. Go with ed25519 to have cool and short keys for the time being until PQC becomes standardized.

PS: Did not see the question of when they will be broken. I dont know to be honest. Right now the highest broken RSA is RSA-250 with 829 bits archive

If I had to guess, RSA 2048 would be safe until 2030’s but by then we would have much faster, (hopefully) smaller keys and generally more secure algorithms being standardized with generating RSA/ECC keys requiring probably obsolete apps. Thanks for the reminder @Dom0

OP here took quantum commuters into account.

Ed25519 has mitigations for side channel attacks and is in general good for usage and security when we are not talking quantum computers.

Plain RSA is very insecure. RSA keys therefore must be padded. Use RSA4098 if you plan on using it. Since it relies on multiplying large primes and the mathematical difficulty in factoring them makes it slow and useless against Quantum Computers.

No, RSA 768 has been broken.

RSA-768 = 3347807169895689878604416984821269081770479498371376856891243138898288379387
        × 3674604366679959042824463379962795263227915816434308764267603228381573966651

Oh, I see. My bad. Can you give the page you got that from, by any chance?

1 Like