RSA useless for encryption was: RE: RSA 1024 ridiculous

Brian Smith brian at briansmith.org
Wed Jun 20 13:49:36 CEST 2007


Snoken wrote:
> I checked with the source:
> http://www.rsa.com/rsalabs/node.asp?id=2004
> 
> In 2003 users of RSA 1024-bit keys were advised to drop them 
> before 2010. Now the situation is somewhat worse than it 
> looked in 2003.

That is not what the RSA website says. The website says, more-or-less,
everything that has ever been encrypted with an 1024-bit key will be
practically decipherable by 2010. That means, if you didn't want the
data you sent over a compromised channel to be readable by 2010, you
should have NEVER used RSA 1024 to start with. It does not mean "stop
using RSA 1024 in 2010."

Here's one way to think about it: If you have a E-commerce site, and you
are protecting credit card numbers using RSA 1024 + AES 128, you should
not accept any credit card that expires in 2010 or later. But, if you
take RSA's recommendation to heart, you are safe in accepting any card
that expires 2009 or earlier.

Similarly, that website says, more-or-less, if you use RSA 2048 to
protect data that you distribute, then that data will be protected until
~2030.

That is why I said that, if you want to protect data for your *entire
lifetime*, i.e. you don't want your data to be unprotected until after
you die, you need to use RSA 15K + AES, or switch algorithms altogether.
But, even now, if you have a secret that you want to keep for a year or
two, RSA 1024 + 3DES is more than sufficient protection, even against
very powerful entities.

Regards,
Brian




More information about the Gnupg-users mailing list