2048-bit RSA keys
Jonathan Katz
jkatz at cs.umd.edu
Tue Aug 17 01:46:01 EDT 2010
On Sun, 15 Aug 2010, Paul Hoffman wrote:
> At 9:34 AM -0700 8/15/10, Ray Dillinger wrote:
>> I'm under the impression that <2048 keys are now insecure mostly due
>> to advances in factoring algorithms that make the attack and the
>> encryption effort closer to, but by no means identical to, scaling
>> with the same function of key length.
>
> You are under the wrong impression, unless you are reading vastly different crypto literature than the rest of us are. RSA-1024 *might* be possible to break in public at some point in the next decade, and RSA-2048 is a few orders of magnitude harder than that.
Many on the list may already know this, but I haven't seen it mentioned on
this thread. The following paper (that will be presented at Crypto
tomorrow!) is most relevant to this discussion:
"Factorization of a 768-bit RSA modulus",
http://eprint.iacr.org/2010/006
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list