-
March 26th, 2002, 07:37 PM
#1
1024 RSA may be compromised
http://www.vnunet.com/News/1130451
Upgrade to 2048-bit, says crypto expert
According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
....
The machine proposed by Bernstein would be able to break a 1,024-bit key in seconds to minutes. But the security implications of the practical 'breakability' of such a key run far deeper.
None of the commonly deployed systems, such as HTTPS, SSH, IPSec, S/MIME and PGP, use keys stronger than 1,024-bit, and you would be hard pushed to find vendors offering support for any more than this.
What this means, according to Green, is that "an opponent capable of breaking all of the above will have access to virtually any corporate or private communications and services that are connected to the internet".
yikes
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 26th, 2002, 08:07 PM
#2
Gee, to bad that means all your old files are now "broken" Anyone know how much it will cost to build this machine? I could propse a machie that will break 4096 Bit encryption a a minute, but the cost would be more then bill gates and the US government combined could afford.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 26th, 2002, 08:13 PM
#3
actually the article says several hundreds of millions to 1billion...for me and you...i don't think so...for a hostile foreign gov't...a bargain to crack every piece of secured communications that are sent anywhere...military, financial, government....
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 27th, 2002, 12:20 AM
#4
Hmmm, how 'bout that. I imagine this new superciphersleuther will have already been in beta format somewhere in the basement of Ft. Meade ...or somewhere. If I were an international bank, or passing secrets thru the company net to outside concerns maybe it would be time to consider alternate means of passing sensitive info. Maybe a dual (or triple?) encryption process before transmission, maybe cutting every other bit of the message out to another file to be separately encrypted and sent later or by other means ... Or, what the heck, just write it out longhand and send it in care of nephew Guido. There, problem solved!
-
March 27th, 2002, 12:34 AM
#5
sure sure...but guido's on the gov't squeal list cause he got busted for possession...so he drops a copy of the note to a man in a dark suit sitting on a bench in a park...
but this shouldn't be a surprise....rule #one of security is we will never be completely secure...secure *enough* perhaps....
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 28th, 2002, 06:39 PM
#6
Well, actually, it's all been a serious game since way back when somebody taught the emporer how to write, and it suddenly became illegal for any commoner to be trained in that skill, on pain of death. The encryption skills over time just become more technical, sophisticated and expensive, and the intellectual and power challenge to break the secrets become even higher than the basic row of Mazlow's Hierarchy of Needs. But the stakes (discounting inflation and raw numbers of people) are probably still about the same; wars are won or lost, fortunes are made or lost, people and governments gain advantages or loose secrets they spent a lot of time and incredible amounts of money developing... etc. I still say there are a couple of ways to beat the BBBBBBBBBillion$$$$$ encryptionbuster.
-
March 28th, 2002, 07:01 PM
#7
Good thing I use 2048 bit encrypotion for most of my 'private' communications......hehehe
"Korp dodges another bullet" headlines read.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
March 28th, 2002, 08:10 PM
#8
Its all a game of cat and mouse... Someone makes a key, Someone else cracks it.... It will go into a neverending cycle... Thats how new security programs, updates, and patches are made...
-
March 28th, 2002, 08:12 PM
#9
1 billion what about a chip fab?
The price is estimated to several hundred million up to 1 billion *unless* they have or have access to a chip fab. The NSA, and nearly every intelligence agencies US and foriegn alike. Correct me if I'm wrong (and I'm sure you will), as of december 1998 there were 55 chip fabs in the US alone. It would be safe to say the NSA, and possibly itelligence agencies already have this technology in place, and the price tag was substantially lower than 1 billion.
-
March 28th, 2002, 08:36 PM
#10
Not sure if they have it in place or not, but I am pretty sure I remember something a few years back about the CIA working as "investment brokers" for a chip fab company. Along with a few other tech companies. I wish I could remember the "front end" name of the bank.....
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|