2048-bit RSA keys

Jonathan Katz jkatz at cs.umd.edu
Tue Aug 17 01:46:01 EDT 2010

On Sun, 15 Aug 2010, Paul Hoffman wrote:

> At 9:34 AM -0700 8/15/10, Ray Dillinger wrote:
>> I'm under the impression that <2048 keys are now insecure mostly due
>> to advances in factoring algorithms that make the attack and the
>> encryption effort closer to, but by no means identical to, scaling
>> with the same function of key length.
> You are under the wrong impression, unless you are reading vastly different crypto literature than the rest of us are. RSA-1024 *might* be possible to break in public at some point in the next decade, and RSA-2048 is a few orders of magnitude harder than that.

Many on the list may already know this, but I haven't seen it mentioned on 
this thread. The following paper (that will be presented at Crypto 
tomorrow!) is most relevant to this discussion:
   "Factorization of a 768-bit RSA modulus",

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list