March 26th, 2002, 07:37 PM
1024 RSA may be compromised
Upgrade to 2048-bit, says crypto expert
According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.
None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.
What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson