1024 RSA may be compromised

http://www.vnunet.com/News/1130451

Quote:

---

Upgrade to 2048-bit, says crypto expert
According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".

---

....

Quote:

---

The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.

None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.

What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".

---

yikes :eek:

Gee, to bad that means all your old files are now "broken" Anyone know how much it will cost to build this machine? I could propse a machie that will break 4096 Bit encryption a a minute, but the cost would be more then bill gates and the US government combined could afford.

actually the article says several hundreds of millions to 1billion...for me and you...i don't think so...for a hostile foreign gov't...a bargain to crack every piece of secured communications that are sent anywhere...military, financial, government....

Hmmm, how 'bout that. I imagine this new superciphersleuther will have already been in beta format somewhere in the basement of Ft. Meade ...or somewhere. If I were an international bank, or passing secrets thru the company net to outside concerns maybe it would be time to consider alternate means of passing sensitive info. Maybe a dual (or triple?) encryption process before transmission, maybe cutting every other bit of the message out to another file to be separately encrypted and sent later or by other means ... Or, what the heck, just write it out longhand and send it in care of nephew Guido. There, problem solved! :D

sure sure...but guido's on the gov't squeal list cause he got busted for possession...so he drops a copy of the note to a man in a dark suit sitting on a bench in a park...

but this shouldn't be a surprise....rule #one of security is we will never be completely secure...secure *enough* perhaps....

Well, actually, it's all been a serious game since way back when somebody taught the emporer how to write, and it suddenly became illegal for any commoner to be trained in that skill, on pain of death. The encryption skills over time just become more technical, sophisticated and expensive, and the intellectual and power challenge to break the secrets become even higher than the basic row of Mazlow's Hierarchy of Needs. But the stakes (discounting inflation and raw numbers of people) are probably still about the same; wars are won or lost, fortunes are made or lost, people and governments gain advantages or loose secrets they spent a lot of time and incredible amounts of money developing... etc. I still say there are a couple of ways to beat the BBBBBBBBBillion$$$$$ encryptionbuster.

Good thing I use 2048 bit encrypotion for most of my 'private' communications......hehehe

"Korp dodges another bullet" headlines read.

Its all a game of cat and mouse... Someone makes a key, Someone else cracks it.... It will go into a neverending cycle... Thats how new security programs, updates, and patches are made...

The price is estimated to several hundred million up to 1 billion *unless* they have or have access to a chip fab. The NSA, and nearly every intelligence agencies US and foriegn alike. Correct me if I'm wrong (and I'm sure you will), as of december 1998 there were 55 chip fabs in the US alone. It would be safe to say the NSA, and possibly itelligence agencies already have this technology in place, and the price tag was substantially lower than 1 billion.

Not sure if they have it in place or not, but I am pretty sure I remember something a few years back about the CIA working as "investment brokers" for a chip fab company. Along with a few other tech companies. I wish I could remember the "front end" name of the bank.....

There goes our security...AGAIN!..........
Nice post :D
- Noia