1024 bit encryption compromised?
Oyvind A. Holm
Wed Mar 27 17:18:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
Found a disquieting article at <http://www.vnunet.com/News/1130451>:
1024-bit encryption is 'compromised'
Upgrade to 2048-bit, says crypto expert
According to a security debate sparked off by cryptography expert
Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should
be "considered compromised".
The Financial Cryptography conference earlier this month, which
largely focused on a paper published by cryptographer Dan Bernstein
last October detailing integer factoring methodologies, revealed
"significant practical security implications impacting the
overwhelming majority of deployed systems utilising RSA as the
public key algorithm".
Based on Bernstein's proposed architecture, a panel of experts
estimated that a 1,024-bit RSA factoring device can be built using
only commercially available technology for a price range of several
hundred million to $1bn.
I guess this is the same thing that was discussed last week on this
list. I'm not into this level of cryptoanalytics, but what do you folks
say about this? I guess there is no need to get upset of this, if Big
Brother wants my bytes, I suppose he has other ugly ways to compromise
the key -- bugging my flat or setting up some kind of scanners to
analyze the keyboard radiation or maybe plain old violence. I doubt the
govs wants to use millions of euro to read my mail. But I admit it's
damn irritating to read this now that I changed my key only one month
The question is floating around among us -- would it be wise to upgrade
to 2048 bits, or is this just speculations? Now that they're talking
about this, I guess one should be a step ahead of the snoopers --
especially when it comes to the future robustness of the signatures.
| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <firstname.lastname@example.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1 7651 724E 9D53 6290 22EB |
+-------- Don't support organized crime, boycott Microsoft. --------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
-----END PGP SIGNATURE-----