add links to estimates of brute-force-cracks on ECC

[Imported from Trac: page Bibliography, version 46]

Bibliography.md

@@ -19,6 +19,10 @@ Here are some papers that are potentially of interest.
 
 [ECC Brainpool Standard Curves and Curve Generation](http://tools.ietf.org/html/draft-lochter-pkix-brainpool-ecc-03) new elliptic curve parameters which come with a proof that they were generated deterministically and pseudorandomly from the first few bits of pi, as well as proofs that they are immune to certain other potential cryptographic weaknesses.
 
+[On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography](http://eprint.iacr.org/2009/389) crypto gurus try to predict whether 160-bit elliptic curve crypto can be brute-force-cracked in the next decade.  They conclude: "Right now most certainly not: 2.5 billion PS3s or equivalent devices (such as desktops) for a year is way out of reach. In a decade, very optimistically incorporating 10-fold cryptanalytic advances, still millions of devices would be required, and a successful open community attack on 160-bit ECC even by the year 2020 must be considered very unlikely."
+
+[The Certicom Challenges ECC2-X](http://eprint.iacr.org/2009/466) other crypto gurus launch an effort to brute-force-crack 130-bit and 160-bit ECC.
+
 ## Erasure Coding
 
 [a tutorial](http://www.cs.utk.edu/~plank/plank/gflib/index.html) and some