Math Advance Suggest RSA Encryption Could Fall Within 5 Years

holy_calamity writes "The two encryption systems used to secure the most important connections and digital files could become useless within years, reports MIT Technology Review, due to progress towards solving the discrete logarithm problem. Both RSA and Diffie-Hellman encryption rely on there being no efficient algorithm for that problem, but French math professor Antoine Joux has published two papers in the last six months that suggest one could soon be found. Security researchers that noticed Joux's work recommend companies large and small begin planning to move to elliptic curve cryptography, something the NSA has said is best practice for years. Unfortunately, key patents for implementing elliptic curve cryptography are controlled by BlackBerry."

RSA = out of date

[girlintraining]

The RSA encryption has been depreciated for years now. Hell, back in 2000 we were saying that DES was insecure, and triple-DES was just a stop-gap. Everyone's been switching to AES for awhile now. This isn't news.

Every encryption scheme has to balance performance and security; And we balance it so that in the next 5, 10, 50, or however many years, advances in technology won't render the data vulnerable in the interim. It's basic engineering. It's like building a safe -- you can't stop it from being broken, but you can make it so that it takes time. Hopefully enough time to get additional resources to the site to stop the thieves. There is no such thing as an uncrackable safe... or an encryption scheme.

The goal is to make sure it takes long enough that by the time they get in, either the men with shotguns have arrived, or whatever it was protecting is now useless to them. If you don't understand this fundamental rule of security, then perhaps this article is newsworthy... but to anyone who works with information security... it's just confirmation of existing methodology.