1024-bit RSA keys In Danger Of Compromise?

← Back to Stories (view on slashdot.org)

1024-bit RSA keys In Danger Of Compromise?

Posted by Hemos on Monday March 25, 2002 @01:05PM from the well-of-course-they-are dept.

antiher0 writes "According to an email from Lucky Green that came across bugtraq yesterday, 1024-bit encryption should no longer be considered pristine. Bernstein released a proposal that outlines the creation of a machine capable of breaking 1024-bit crypto on the order of minutes or even seconds for the measly cost of ~$1B USD. For a more thorough discussion, check out the original email." Update: 03/26 03:16 GMT by T : And don't forget to revisit Bruce Schneier's analysis of Bernstein's claims, which cast doubt on the practicality of breaking such large keys anytime soon.

4 of 363 comments (clear)

Min score:

Reason:

Sort:

Re:previously reported by bourne · 2002-03-25 13:26 · Score: 3, Interesting

It seems to me that this story is hitting slashdot because, well, it hit slashdot.

The original was passed around a few small mailing lists, where it got some comment but nothing big. Then it hit slashdot a month ago, and the number of places I saw it popping up increased. I also saw a story about DJB cranking at some reporter for misunderstanding the exact nature of the information, which tells me that someone thought it was suddenly big enough to have a reporter look into.

And now, perhaps based on all this "publicity," Lucky Green or whoever is setting up discussion of it at some conference and revoking his old key. Note that he didn't do it a month ago, when the story was on all the crypto lists - presumably the more attention it got, the more real it became.

Maybe I'm off base here, but I think this is one of those examples of the media gestalt manipulating and being manipulated by the media consumers - the story had to get big before it could be taken seriously, and it had to be taken seriously before it could get big... and the slashdot story a month ago was probably one of the bigger steps along the way.

The slashdot effect... It isn't just for websites anymore!
Re:$1Billion by Mr.+Flibble · 2002-03-25 14:09 · Score: 3, Interesting

It *is* a measly sum - as the email says - how many government agencies have this sort of funding? More than just a couple of US agencies that's for sure.

Exactly.

For those of you who would like a breakdown of how a system like this would work, you may want to read Cracking DES by the Electronic Frontier Foundation. (Note, this book is out of print, but the EFF has made versions available online.)

It discusses building a computer from scratch that can crack DES quite fast. This same principle can be applied to any brute-force technique. And if the cost is $1Billion now, it will be considerably less in a few years.

--
Try to hack my 31337 firewall!
Re:Break my crypto for $1B? by suso · 2002-03-25 14:30 · Score: 3, Interesting

This would be an interesting Slashdot poll. "How much do you consider your most sensitive data to be worth?"

$1
$100
$1000
$10000
$100000
$100000000
Mo re than Cowboy Neil has.
Re:Would this be a solution? by mosch · 2002-03-26 01:57 · Score: 3, Interesting

524,288Tb of resiliant storage is only $1b at current prices, and that's dropping rapidly. If historical trends continue, it'll be $1m in about a decade, and it will be included standard in the PlayStation 9.