Beyond Curve25519

Robert J. Hansen rjh at
Sun Jan 25 21:57:44 CET 2015

> The cryptographic community reached consensus a decade ago that a 
> 1024-bit RSA key can be broken in a year by an attack machine costing
> significatly less than 10^9 dollars.

Yes, but the idea of whether something is assailable involves more than
technical capability.  Economics comes into it.

Secrets tend to lose value over time.  In the early '60s my grandfather
had a secret recipe for venison stew that half the town wanted; today
you'd be hard-pressed to find anyone outside my family who even
remembers.  Even things like 1960s nuclear weapon designs have lost
their value.

So if you have a secret today, its worth a year from now needs to still
be high enough not just to warrant all the electricity bills from
running the keycracker for a year -- but it has to be higher than that
of every other RSA-1024 key which the attacker might also want to break.

I don't recommend using RSA-1024.  I'd rather trust "we have no idea how
to break this" than I would trust "we have no idea how to break this
cost-effectively."  But that said, unless you're trafficking in
extremely high-value secrets you're still safe with RSA-1024.

For today, at least.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20150125/2e912190/attachment-0001.bin>

More information about the Gnupg-devel mailing list