Slashdot Mirror


TWIRL: Are 1024-bit RSA Keys Unsafe?

This came across the Interesting-People list today: a preliminary draft of a paper, co-authored by Adi Shamir, that proposes new hardware for factoring large numbers. It is claimed that a machine could be built which would be "3-4 orders of magnitude more cost effective than the best previously published designs," and that "the NFS sieving step for 1024-bit RSA keys can be completed in less than a year by a $10M device." For background, here's a primer on key length in symmetric and asymmetric crypto.

4 of 204 comments

  1. They're safe enough by Anonymous Coward · · Score: 5, Insightful

    For most things for the near future. It's still plenty to prevent Joe Cracker from intercepting my SSL connection and decrypting it. Sure, a few large groups will have the ability to do it in a "reasonable" time, but, that's probably right anyway. If I have something that's worth $10 million and a year to crack, well, I should probably be encrypting it with a 2048 bit key.

    1. Re:They're safe enough by Kaa42 · · Score: 5, Insightful

      This does have further implications than simply breaking encryption though; consider that much of PKI relies on the same problem (the difficulty of factoring large numbers).

      I did a quick check and at least Amazon, eBay and Yahoo all use 1024-bit RSA certificates; by turning my machine to crack those I could impersonate any of those. I also checked the root certificate of Verisign installed in my browser and found it was also a 1024-bit RSA certificate (well, 1000 bits actually). Meaning I could be printing valid certificates for anyone, looking like they came from the real deal.

      There is a lot hanging on the difficulty of factoring large numbers.

      --
      .oO Kaa Oo.
  2. This should be obvious by Dr. Photo · · Score: 5, Insightful

    If you have sensitive information, you want to encrypt it based on what you think will be difficult to crack years from now, not just today. Otherwise, interested third parties can simply store away an intercepted transmission until it becomes technologically feasible to crack it.

  3. make a bigger key by jdkane · · Score: 5, Insightful

    "NFS sieving step for 1024-bit RSA keys can be completed in less than a year by a $10M device"

    So at this moment in time they *may* have the ability to crack a few hundred keys in one person's lifetime. (Remember, the machine is theoretical). That's a lot of money and time to crack relatively few keys, using a machine that doesn't exist. Maybe it would be worthwhile to use against Al-Qaeda. As for the rest of us here on /., we probably don't have much to worry about. If you are worried then make a 2048-bit key for yourself. Case closed ... until a few years down the road. Then do the same again.

    Wouldn't it be nice if instead of focusing on the problem ("1024 is unsafe!"/"the government might find the password to my hotmail account!") we focused on the solution ("make a bigger key!"/"don't inherently trust technology to be the final solution").

    We can quip about 1024 being unsecure just like a few years ago we quipped about 512 being unsecure. That's why the key lengths keep going up. Any encryption is a preventative measure, not an absolute.

    So Are 1024-bit RSA Keys Unsafe?
    Right now, the answer would be No, they are not unsafe, relatively.
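
The key-size check Kaa42 describes, and the 2048-bit floor several commenters suggest, can be automated. This is an added example, not part of the original thread: it reads the true modulus length from a DER-encoded RSA SubjectPublicKeyInfo, so a nominally 1024-bit key with a 1000-bit modulus is reported as 1000. All function names are hypothetical, and the sample keys are constructed for size only (they are not real key material).

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos=0):
    """Parse one DER element; return (tag, value, offset of the next element)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """True bit length of the modulus in a DER SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki)        # SubjectPublicKeyInfo SEQUENCE
    atag, alg, pos = read_tlv(body)      # AlgorithmIdentifier SEQUENCE
    otag, oid, _ = read_tlv(alg)         # algorithm OID
    if (tag, atag, otag) != (0x30, 0x30, 0x06) or oid != RSA_OID:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    btag, bits, _ = read_tlv(body, pos)  # BIT STRING wrapping RSAPublicKey
    if btag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("malformed public key BIT STRING")
    ktag, key, _ = read_tlv(bits[1:])    # RSAPublicKey SEQUENCE
    ntag, modulus, _ = read_tlv(key)     # first INTEGER is the modulus n
    if (ktag, ntag) != (0x30, 0x02):
        raise ValueError("malformed RSAPublicKey")
    return int.from_bytes(modulus, "big").bit_length()

def audit(keys, minimum=2048):
    """Map each key name to (modulus bits, meets the minimum?)."""
    sizes = {name: rsa_modulus_bits(spki) for name, spki in keys.items()}
    return {name: (bits, bits >= minimum) for name, bits in sizes.items()}

# --- Constructed sample input: DER built from made-up moduli of a given size ---
def der(tag, value):
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def sample_spki(n, e=65537):
    integer = lambda x: der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))
    alg = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    return der(0x30, alg + der(0x03, b"\x00" + der(0x30, integer(n) + integer(e))))

SAMPLES = {f"constructed-{b}": sample_spki((1 << (b - 1)) | 1) for b in (1000, 1024, 2048)}
```

For a real certificate, the DER input can be produced with `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER`.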