[Cryptography] Fwd: freedom-to-tinker.com: How is NSA breaking so much crypto?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Oct 16 10:39:35 EDT 2015


Dan McDonald <danmcd at kebe.com> writes:

>I also wonder how long it'll be until it works with 1536-bit moduli or
>larger.

Anything above 1024 bits is safe for some time yet.  For RSA (a less tough nut
to crack than the DLP):

  If you wanted to step beyond the 1024-bit key, you'd need to dedicate the
  entire Tianhe-2 supercomputer, the most powerful computer on earth at the
  time of writing, to breaking a single 1280-bit key (anything larger than
  that is out of reach, the Tianhe-2 only just has the resources to attempt a
  break on a 1280-bit key).

  Alternatively, you could just trojan or backdoor the server that you're
  interested in, which is what'll actually happen if someone wants to get in.
  Just the interest on the power bill from running the Tianhe-2 would be
  enough to bribe cleaning or maintenance staff to plug in a trojaned USB key
  for a minute or two.  And if you really are concerned about China secretly
  building a second Tianhe-2 and dedicating it to attacking your mail server,
  change your key once a year or so.  Or use a 1536-bit key.

As usual, XKCD says it better (and/or more succinctly) than I can:

https://xkcd.com/538/

In any case it's not the sooper-sikrit alien-technology NSA supercomputer you
need to worry about, it's the night janitor, the two dozen undisclosed 0days
in your VPN box, the fact that it was sent to you via standard Fedex, the fact
that it's controlled by Windows PCs, the fact that you allow BYOD devices to
connect to it, the fact that... well, you get the picture.

Peter.

