307 digit number factored
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Wed May 23 00:48:19 EDT 2007
On Wed, May 23, 2007 at 02:45:49PM +1200, Peter Gutmann wrote:
> Victor Duchovni <Victor.Duchovni at MorganStanley.com> writes:
>
> >As 1024 RSA keys are not a major risk *today*,
>
> I would go further and say that for most applications of PKCs/PKI today, 1024-
> bit RSA keys are not a risk at all, or more specifically that on a scale of
> risk they're so far down the list that they're close to negligible.
Indeed, and since the certs I acquire from CAs today expire in a year,
I don't feel at all guilty about generating CSRs with 1024 bit keys.
Clearly, a public CA cert with a lifetime of 10-20 years is another
matter, but otherwise in most cases there is no need to panic. Not too
many organizations outside the TLAs are using RSA to encrypt multi-decade
secrets...
Software that will be in the field for a long time, should support
stronger keys and if possible alternative algorithms (say ECC), but
short-term authentication keys deployed today, are just fine as they are.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list