Free Republic

1024-bit RSA keys possibly insecure
Security Focus/BugTraq | Mar 24 2002 | Lucky Green

Posted on 03/25/2002 9:06:23 PM PST by zeugma


To: BugTraq
Subject: 1024-bit RSA keys in danger of compromise
Date: Mar 24 2002 1:38AM
Author: Lucky Green [shamrock@cypherpunks.to]

As those of you who have discussed RSA key size requirements with me over the years will attest to, I always held that 1024-bit RSA keys could not be factored by anyone, including the NSA, unless the opponent had devised novel improvements to the theory of factoring large composites unknown in the open literature. I considered this to be possible, but highly unlikely. In short, I believed that users' desires for keys larger than 1024-bits were mostly driven by a vague feeling that "larger must be better" in some cases, and by downright paranoia in other cases. I was mistaken.

Based upon requests voiced by a number of attendees to this year's Financial Cryptography conference, I assembled and moderated a panel titled "RSA Factoring: Do We Need Larger Keys?". The panel explored the implications of Bernstein's widely discussed "Circuits for Integer Factorization: a Proposal".

Although the full implications of the proposal were not necessarily immediately apparent in the first few days following Bernstein's publication, the incremental improvements to parts of NFS outlined in the proposal turn out to carry significant practical security implications impacting the overwhelming majority of deployed systems utilizing RSA or DH as the public key algorithms.

Coincidentally, the day before the panel, Nicko van Someren announced at the FC02 rump session that his team had built software which can factor 512-bit RSA keys in 6 weeks using only hardware they already had in the office.

See the rest of the post at... http://online.securityfocus.com/archive/1/263924


TOPICS: Computers/Internet; Conspiracy; Science
KEYWORDS: attacks; cryptography; rsakeys; security

I have hung out on the Cypherpunks mailing list quite a bit over the past 6 or so years. The fellow who posted this is fairly well respected as far as crypto is concerned.

If you use GPG or PGP, I'd advise you consider his opinions.

1 posted on 03/25/2002 9:06:23 PM PST by zeugma

To: zeugma
A cypherpunks bump. This is the real thing.
2 posted on 03/25/2002 9:31:58 PM PST by altair

To: zeugma
Why is it that people who have NO insider information or experience with the NSA spout about how the NSA can or cannot do something? Having worked in highly secured environments, I can say that 99.9999% of all comments are pure stupidity and ignorance. The job of the NSA is to both create encryption formulas for our use and to crack the other guy's. Now, if RSA was SOOOOO secure, then wouldn't the NSA just grab it and toss away what they are doing? If RSA was soooo good, then wouldn't the other guy just use it and baffle the NSA? It always seems that some academic in a university always wants us to believe that he "knows many people in the NSA" and that he can tell us that his system is secure, as though his "friends" in the NSA have told him our most classified secrets about our crypto capabilities. RSA is 30 years old. How long do ya think it takes the NSA to crack it? How long do you think the NSA keeps their routines in service? 30 years? I bet not.
3 posted on 03/31/2002 2:35:00 PM PST by PatrioticAmerican
