Slashdot Mirror


1024-bit RSA keys In Danger Of Compromise?

antiher0 writes "According to an email from Lucky Green that came across bugtraq yesterday, 1024-bit encryption should no longer be considered pristine. Bernstein released a proposal that outlines the creation of a machine capable of breaking 1024-bit crypto on the order of minutes or even seconds for the measly cost of ~$1B USD. For a more thorough discussion, check out the original email." Update: 03/26 03:16 GMT by T : And don't forget to revisit Bruce Schneier's analysis of Bernstein's claims, which cast doubt on the practicality of breaking such large keys anytime soon.

15 of 363 comments

  1. $1Billion by UnifiedTechs · · Score: 2, Funny

    for the measly cost of ~$1B USD.

    Is the company you work for hiring? God I wish I could call a billion dollars measly!!

    1. Re:$1Billion by Gerdts · · Score: 2, Funny

      Sounds like a business plan. Let's go find some VCs!

  2. a billion here, a billion there by estes_grover · · Score: 1, Funny
    for the measly cost of ~$1B USD.

    Does this mean for $2B they could crack the 2048 bit key?

  3. It's funny, laugh. (IHNRTA) by Anonymous Coward · · Score: 3, Funny

    That's okay.

    I'm certain that qcrack will be poorly documented and require the addition of 5,000 users to whatever supercomputer it happens to operate properly on.

    Then DJB will speak incessantly about how it differs from other encryption cracking techniques with its "modular design" (which is actually the application of many patches in order to obtain features found in most SMTP daemons, err cracking programs). Yeah.

    (Disclaimer: I love qmail.)

  4. Break my crypto for $1B? by brer_rabbit · · Score: 5, Funny

    Don't waste your money. I'll sell my company's secrets for a fraction of that.

  5. Re:But what's a measily $1B for a government agenc by Anonymous Coward · · Score: 2, Funny

    i think he's plural

  6. Arbitrary costing = $1B by Nathdot · · Score: 5, Funny

    I can picture the scenario now:

    <TELEPHONE CORRESPONDENCE>
    SHADY GOVERNMENT OPERATIVE: So how much will this 1024 decryption system cost?
    PIMPLY TEEN HACKER: $1B US dollars to be deposited into my secure off-shore bank account and safe passage to the Maldives.
    SHADY GOVERNMENT OPERATIVE: Excellent. The money is being transferred as we speak. Begin work.
    </TELEPHONE CORRESPONDENCE>

    <PIMPLY TEEN HACKER INTERNAL MONOLOGUE>
    Sweet! I've just charged the US government 1 billion dollars for a beowulf cluster of dreamcasts running home-brew linux.
    </PIMPLY TEEN HACKER INTERNAL MONOLOGUE>

    <SHADY GOVERNMENT OPERATIVE INTERNAL MONOLOGUE>
    Sweet! We will retrieve the 1 billion dollars once we crack the secure off-shore bank account's 1024 bit encryption system
    </SHADY GOVERNMENT OPERATIVE INTERNAL MONOLOGUE>

    :)

  7. Yeah, right by Anonymous Coward · · Score: 1, Funny

    Yeah, very useful analogy.

    I can't imagine how big 2^256 is, but somehow I can picture the number of electrons in the universe.

  8. Re:Clearing up the deceptive intro by Tom7 · · Score: 5, Funny

    ...show that factoring 1024-bit length primes is doable for 1 billion dollars or so.

    Oops, Mr. Smarty Pants! I can factor 1024-bit primes for $0!

  9. Haha fools!!! by NoMoreNicksLeft · · Score: 4, Funny

    This is why I use 1025 bits. Suckers.

  10. Re:But can you prove that they are prime? by ajna · · Score: 3, Funny

    Yes. Use Euler's Theorem, with the extensions by Miller and Rabin. Sorry for being so humorless today.

  11. $1Billion wasted by 0x0d0a · · Score: 2, Funny

    The depressing thing is that probably a few governments seriously would like to spend $1 billion to try to read something in an RSA encrypted format.

    Yet despite all that money and zillions of man-years being blown on reading stuff in such a format, no one has managed to go out, and no one is willing to spend the money to try to crack .DOC and produce software capable of reading it. A much, much easier problem but one that hasn't been done completely.

    There are so many *smarter* things to blow money on than cryptography that it blows the mind. Cryptography is a fun mind game, but frankly when this much money is being spent on it it's just ridiculous.

    You can bribe the people involved for less than $1 billion. Heck, buy up a private army and take over the building that has the information that you want.

  12. Re:Would obscurity be a solution? by Shiny+Metal+S. · · Score: 5, Funny
    As for layering in general. Well it works for the most part (e.g 3DES) although there are caveats (2DES would not be safe).
    That's correct. Once I wanted to make ROT13 stronger, so I decided to encrypt the message twice, but I discovered that 2ROT13 was actually less safe than ROT13. I finally used 3ROT13 and even 5ROT13 for the most sensitive data, however I'm not sure how much more secure is 5ROT13 than 3ROT13, but what the hell, the overhead is not very high.
    --

    ~shiny
    WILL HACK FOR $$$

  13. Gah, that public key is 10x longer than... by timecop · · Score: 0, Funny

    the post of that guy.
    Screw this 31337bit encryption, 10-line PGP keys are annoying enough, but imagine getting this shit in every email!

  14. Re:Would obscurity be a solution? by ipfwadm · · Score: 2, Funny

    5XORROT13

    Damn... that's the combination on my luggage!