RSA 1024 ridiculous

Robert J. Hansen rjh at sixdemonbag.org
Sat Jun 16 19:47:25 CEST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

I'll get back to this bit in a moment.  ;)

> I suppose this means that 1024 bit RSA-keys are ridiculous and the
> Open PGP Card is a joke.

Not necessarily.  There's certainly a strong argument to be made for  
moving to RSA-2048, but just because something is susceptible to an  
attack involving an enormous amount of horsepower doesn't mean that  
it's useless.  As an example, you apparently have no objection to  
signing with SHA1, despite the fact it's subject to an attack  
requiring a work factor of about 2**63... which is in the same  
ballpark as factoring RSA-1024.

If it takes over a CPU-century of number crunching and  
extraordinarily special mathematical properties to be able to break  
RSA-1024, then I think the RSA-1024 keys I use for secure SMTP are  
just fine.  Likewise, credit card transactions secured by RSA-1024  
SSL certs are probably just fine for now; there are far, _far_ easier  
ways to get credit card numbers than to rent a year of supercomputing  
time just to get the key to _one_ web site.

We should be migrating to RSA-2048, sure.  Just like we should be  
migrating to SHA256.  But it's not the case that RSA-1024 is  
'ridiculous' or the OpenPGP card is 'a joke'.


- --
Robert J. Hansen <rjh at sixdemonbag.org>

"Most people are never thought about after they're gone.  'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iFYEAREIAAYFAkZ0Ii0ACgkQf2XByo0Cu7PikgDffNZ71tKX/GnkIyVX77tE2r3K
sXCIx8vqn4oblwDghCzUjJvxGNS7btDhE+qlLTuXbUouMgoQqfafvYkBHAQBAQgA
BgUCRnQiLQAKCRC3APSC/q+BCS0dB/44AJ68utpLuk3jRmt0gBQbcRNSERLX3G79
FCBH7ReBhYCc6luJR0OGsdOb0DfVVStfot7DkvTsXIc+YHeE3U9JAmaSqrVD9Qwm
y40uTu9PXM/87k17nUtTN6S5OLo0IX0IA2pXqde+cY1gA7lz3fBFN5XUUrCnC1W9
ZUoekK7bV9JheL7//QHkmflkgOnLaA/+0Iq1V5+9rjM0ySSNvQvijFUjcivL3UAN
CsD/a09GOtiFxwFzrx7+56imd3H+j5tRfhmIhCc5l+ZQnZGSEhnVl249W7EYRXbj
+faV9LY3wBkMvH14bKdkgoLfCqHNX2XmGkjWigztcro1cSfGn34N
=YHhO
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list