1024 bit encryption compromised?

carl w spitzer cwsiv_home1@juno.com
Tue Apr 9 06:52:01 2002 

Why 2048?
A friend who first gave me a copy of PGP said to use either 1023 or 2047
to make the mathmatics of factoring fail to the more common computer
routines.


           o                     _______________________________
         o      _____            |     CWSIV_HOME1@JUNO.COM    | 
       .][__n_n_|DD[  ====_____  | M A R K L I N   T R A I N S |
     >   (________|__|_[_________]_|___________________________|
    _/oo OOOOO oo`  ooo   ooo  'o!o!o                 o!o!o`

On Wed, 27 Mar 2002 17:15:59 +0100 (CET) "Oyvind A. Holm"
<sunny@sunbase.org> writes:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Found a disquieting article at <http://www.vnunet.com/News/1130451>:
>
>    1024-bit encryption is 'compromised'
>
>    Upgrade to 2048-bit, says crypto expert
>
>    According to a security debate sparked off by cryptography expert
>    Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should
>    be "considered compromised".
>
>    The Financial Cryptography conference earlier this month, which
>    largely focused on a paper published by cryptographer Dan 
>Bernstein
>    last October detailing integer factoring methodologies, revealed
>    "significant practical security implications impacting the
>    overwhelming majority of deployed systems utilising RSA as the
>    public key algorithm".
>
>    Based on Bernstein's proposed architecture, a panel of experts
>    estimated that a 1,024-bit RSA factoring device can be built using
>    only commercially available technology for a price range of several
>    hundred million to $1bn.
>
>I guess this is the same thing that was discussed last week on this
>list. I'm not into this level of cryptoanalytics, but what do you 
>folks
>say about this? I guess there is no need to get upset of this, if Big
>Brother wants my bytes, I suppose he has other ugly ways to compromise
>the key -- bugging my flat or setting up some kind of scanners to
>analyze the keyboard radiation or maybe plain old violence. I doubt 
>the
>govs wants to use millions of euro to read my mail. But I admit it's
>damn irritating to read this now that I changed my key only one month
>ago. *grmpf*
>
>The question is floating around among us -- would it be wise to 
>upgrade
>to 2048 bits, or is this just speculations? Now that they're talking
>about this, I guess one should be a step ahead of the snoopers --
>especially when it comes to the future robustness of the signatures.
>
>Mvh
>=D8yvind
>
>+-------------------------------------------------------------------+
>| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> 
>|
>| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
>+-------- Don't support organized crime, boycott Microsoft. --------+
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.6 (GNU/Linux)
>
>iD8DBQE8ofApck6dU2KQIusRAvgrAKCZKsw3w+VSzUyNOSlbsOWaT+CZyQCeOu9w
>au88KVPs3/rNsFvPkiASBlU=3D
>=3D+B5H
>-----END PGP SIGNATURE-----


________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today!  For your FREE software, visit:
http://dl.www.juno.com/get/web/.