let the flaming begin or Factoring Breakthrough?

Ingo Klöcker ingo.kloecker@epost.de
Thu Feb 28 00:40:02 2002

On Wednesday 27 February 2002 14:24, Janusz A. Urbanowicz wrote:
> Ingo [Klöcker] wrote/napisał[a]/schrieb:
> > I doubt it very much. Hundreds of cryptography experts all over the
> > world are at most making baby steps on improving factoring
> > algorithms. And now the author of qmail (is he a mathematician?)
> > found out how to factor integers faster? That's not very likely. Do
> > you have a link where Dan Bernstein describes his breakthrough?
> First, he is a mathematician and a cryptographer. On the Internet he
> is mostly known for qmail and his personal attitude, but he is also
> one of 'first wave' of crypto researchers, and a cryptographer
> (author of Snuffle algorithm over which he is still in court with US
> Gov't).

Sorry for doubting that he was a mathematician.

> The paper in question is actually here I suppose:
> http://cr.yp.to/papers/nfscircuit.ps


> And I think raising the warning limits for RSA key generation would
> be a Right Thing.

O.k., I read the paper. What Dan does is propose the usage of a special 
computer (instead of a general-purpose computer) which can sort in 
linear time (by parallelization) for one of the steps in the Number 
Field Sieve Algorithm. By this the average factorization time could 
indeed be drastically reduced. The only problem is that this machine 
doesn't exist yet. Of course the NSA could easily build such a machine. 
So if you have to hide information from the NSA you'd better use 
stronger RSA keys. Otherwise your 1024 bit RSA keys are still safe 
enough. New RSA keys should IMO nevertheless have at least 2048 bits.
