1024 bit encryption compromised?

Oyvind A. Holm sunny@sunbase.org
Wed Mar 27 17:18:02 2002

Hash: SHA1

Found a disquieting article at <http://www.vnunet.com/News/1130451>:

    1024-bit encryption is 'compromised'

    Upgrade to 2048-bit, says crypto expert

    According to a security debate sparked off by cryptography expert
    Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should
    be "considered compromised".

    The Financial Cryptography conference earlier this month, which
    largely focused on a paper published by cryptographer Dan Bernstein
    last October detailing integer factoring methodologies, revealed
    "significant practical security implications impacting the
    overwhelming majority of deployed systems utilising RSA as the
    public key algorithm".

    Based on Bernstein's proposed architecture, a panel of experts
    estimated that a 1,024-bit RSA factoring device can be built using
    only commercially available technology for a price range of several
    hundred million to $1bn.

I guess this is the same thing that was discussed last week on this
list. I'm not into this level of cryptoanalytics, but what do you folks
say about this? I guess there is no need to get upset of this, if Big
Brother wants my bytes, I suppose he has other ugly ways to compromise
the key -- bugging my flat or setting up some kind of scanners to
analyze the keyboard radiation or maybe plain old violence. I doubt the
govs wants to use millions of euro to read my mail. But I admit it's
damn irritating to read this now that I changed my key only one month
ago. *grmpf*

The question is floating around among us -- would it be wise to upgrade
to 2048 bits, or is this just speculations? Now that they're talking
about this, I guess one should be a step ahead of the snoopers --
especially when it comes to the future robustness of the signatures.


| OpenPGP: 0x629022EB 2002-02-24 =D8yvind A. Holm <sunny@sunbase.org> |
| Fingerprint: DBE9 8D44 67F7 42AC 2CA1  7651 724E 9D53 6290 22EB   |
+-------- Don't support organized crime, boycott Microsoft. --------+

Version: GnuPG v1.0.6 (GNU/Linux)