[Cryptography] Anyone have information on Export 1024 RSA?
Ray Dillinger
bear at sonic.net
Tue Jan 26 18:07:30 EST 2016
On 01/26/2016 12:19 PM, Ryan Carboni wrote:
> It seems like the NSA would have been able to crack 1024 RSA up to ten
> years ago if true.
>
>
I think it would still take them at least weeks to break a 1024
bit RSA key. Export Grade, when that was a thing, restricted RSA
to 512 bit keys.
With the usual "worst realistic case" compute capabilities ascribed
to state-level threats, it would take years to break a 1024 bit key.
The problem here is that state-level threats deal in bulk, and
the amount of compute power required per RSA key broken is much
less if you're committed to breaking a bunch of them.
The major expense is the sieving step, which can be done once.
And it's a "reasonable" assumption, IMO, that the NSA, or their
counterparts in China or Russia or wherever else, started
sieving within a couple of months after the RSA cryptosystem was
first announced and have never stopped. This would require
factoring algorithms that were way ahead of the curve back in
1980, but state-level threats could be considered to be the
most likely to have had such capabilities and not announced them.
If that only-somewhat-paranoid bet is in fact true, then by this
time, it isn't terribly unlikely that someone has built the data
structure needed to use similarly staggering compute resources to
take 1024 bit keys in a few weeks.
And they're telling us to look out for Quantum Algorithms now. If
there's a good reason for that concern, then RSA has a very uncertain
future regardless of key size.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160126/108ab700/attachment.sig>
More information about the cryptography
mailing list