[145675] in cryptography@c2.net mail archive
Re: 2048-bit RSA keys
daemon@ATHENA.MIT.EDU (Jonathan Katz)
Tue Aug 17 11:08:09 2010
Date: Tue, 17 Aug 2010 01:46:01 -0400 (EDT)
From: Jonathan Katz <jkatz@cs.umd.edu>
To: Paul Hoffman <paul.hoffman@vpnc.org>
cc: Ray Dillinger <bear@sonic.net>, cryptography@metzdowd.com
In-Reply-To: <p06240801c88e35cc87e9@[10.20.30.158]>
On Sun, 15 Aug 2010, Paul Hoffman wrote:
> At 9:34 AM -0700 8/15/10, Ray Dillinger wrote:
>> I'm under the impression that <2048 keys are now insecure mostly due
>> to advances in factoring algorithms that make the attack and the
>> encryption effort closer to, but by no means identical to, scaling
>> with the same function of key length.
>
> You are under the wrong impression, unless you are reading vastly different crypto literature than the rest of us are. RSA-1024 *might* be possible to break in public at some point in the next decade, and RSA-2048 is a few orders of magnitude harder than that.
Many on the list may already know this, but I haven't seen it mentioned on
this thread. The following paper (that will be presented at Crypto
tomorrow!) is most relevant to this discussion:
"Factorization of a 768-bit RSA modulus",
http://eprint.iacr.org/2010/006
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
