Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: 1024 RSA may be compromised

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    682

    1024 RSA may be compromised

    http://www.vnunet.com/News/1130451

    Upgrade to 2048-bit, says crypto expert
    According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
    ....

    The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.

    None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.

    What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".
    yikes
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Gee, to bad that means all your old files are now "broken" Anyone know how much it will cost to build this machine? I could propse a machie that will break 4096 Bit encryption a a minute, but the cost would be more then bill gates and the US government combined could afford.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    actually the article says several hundreds of millions to 1billion...for me and you...i don't think so...for a hostile foreign gov't...a bargain to crack every piece of secured communications that are sent anywhere...military, financial, government....
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  4. #4
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Hmmm, how 'bout that. I imagine this new superciphersleuther will have already been in beta format somewhere in the basement of Ft. Meade ...or somewhere. If I were an international bank, or passing secrets thru the company net to outside concerns maybe it would be time to consider alternate means of passing sensitive info. Maybe a dual (or triple?) encryption process before transmission, maybe cutting every other bit of the message out to another file to be separately encrypted and sent later or by other means ... Or, what the heck, just write it out longhand and send it in care of nephew Guido. There, problem solved!

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    sure sure...but guido's on the gov't squeal list cause he got busted for possession...so he drops a copy of the note to a man in a dark suit sitting on a bench in a park...

    but this shouldn't be a surprise....rule #one of security is we will never be completely secure...secure *enough* perhaps....
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  6. #6
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Well, actually, it's all been a serious game since way back when somebody taught the emporer how to write, and it suddenly became illegal for any commoner to be trained in that skill, on pain of death. The encryption skills over time just become more technical, sophisticated and expensive, and the intellectual and power challenge to break the secrets become even higher than the basic row of Mazlow's Hierarchy of Needs. But the stakes (discounting inflation and raw numbers of people) are probably still about the same; wars are won or lost, fortunes are made or lost, people and governments gain advantages or loose secrets they spent a lot of time and incredible amounts of money developing... etc. I still say there are a couple of ways to beat the BBBBBBBBBillion$$$$$ encryptionbuster.

  7. #7
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Good thing I use 2048 bit encrypotion for most of my 'private' communications......hehehe

    "Korp dodges another bullet" headlines read.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  8. #8
    Banned
    Join Date
    Oct 2001
    Posts
    1,459
    Its all a game of cat and mouse... Someone makes a key, Someone else cracks it.... It will go into a neverending cycle... Thats how new security programs, updates, and patches are made...

  9. #9

    1 billion what about a chip fab?

    The price is estimated to several hundred million up to 1 billion *unless* they have or have access to a chip fab. The NSA, and nearly every intelligence agencies US and foriegn alike. Correct me if I'm wrong (and I'm sure you will), as of december 1998 there were 55 chip fabs in the US alone. It would be safe to say the NSA, and possibly itelligence agencies already have this technology in place, and the price tag was substantially lower than 1 billion.

  10. #10
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Not sure if they have it in place or not, but I am pretty sure I remember something a few years back about the CIA working as "investment brokers" for a chip fab company. Along with a few other tech companies. I wish I could remember the "front end" name of the bank.....
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •