Pubkeybreaker <email@example.com> writes: > On Jan 8, 8:46 am, mstem...@walkabout.empros.com (Michael Stemper) > wrote: > > In article <kc6gg1$au...@dont-email.me>, David Bernier <david...@videotron.ca> writes: > > >On 01/04/2013 12:01 AM, JT wrote: > > >> Does the RSA challenges have a given time complexity of factoring the > > >> primeproduct, or did they have one that changed during resent years? > > > > >The RSA challenge numbers are still available somewhere. > > >The contests for prize money has been discontinued. > > > > >I think many remain unfactored, as far as the general > > >public knows, i.e. outside cryptologic agencies and > > >government cipher schools. > > > > >They would deliberately choose n = p*q, p, q odd primes > > >with the digit length of p and q being about half that > > >of the composite number `n'. > > > > Not 'about half'. Exactly half.
What are you trying to defend against? If you think that your threat is an ECM-like factor-finding attack, then yes, the smaller one wants to be large, so you want the two factors to be very similar in size.
However, if you know your threat is a composite-splitting attack, like GNFS, then the size of the factors is less important, they don't *need* to be *exactly* the same length.
Were someone to ask you for a bit-op estimate for cracking a p98*p102 and a p100*p100, you'd give the same estimate, wouldn't you?
Of course, in practice, there's no reason not to not chose numbers of exactly the same length, but that's different from that condition being an absolute necessity.
Phil -- I'm not saying that google groups censors my posts, but there's a strong link between me saying "google groups sucks" in articles, and them disappearing.
Oh - I guess I might be saying that google groups censors my posts.