I saw this over on Slashdot yesterday and it certainly has raised some interesting questions.
According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
The Financial Cryptography conference earlier this month, which largely focused on a paper published by cryptographer Dan Bernstein last October detailing integer factoring methodologies, revealed "significant practical security implications impacting the overwhelming majority of deployed systems utilising RSA as the public key algorithm".
Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn.
And as for the prohibitively high price tag, Green warned that we should keep in mind that the National Reconnaissance Office regularly launches Signal Intelligence satellites costing close to $2bn each.
"Would the NSA have built a device at less than half the cost of one of its satellites to be able to decipher the interception data obtained via many such satellites? The NSA would have to be derelict of duty to not have done so," he said.
The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.
None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.
What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".
BUT (there always has to be a but!!!) a comment from well known cryptographer Bruce Schneier casts doubt on Bernstein's findings in practical application. "It will be years before anyone knows exactly whether, and how, this work will affect the actual factoring of practical numbers," he said.
News source: vnunet
View: Slashdot article - 1024-bit RSA keys In Danger Of Compromise?