North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 1024-bit RSA keys in danger of compromise (fwd)

  • From: Travis Pugh
  • Date: Mon Mar 25 19:15:19 2002

Len Sassaman <[email protected]> writes:

> Prior to Bernstein's discovery the row-reduction step in
> could be made massively parallelizable, we believed that 1024 bit
> would remain unfactorable essentially forever. Now, 1024 bit RSA
keys look
> to be factorable either presently, or in the very near future once
> law is taken into account. However, at a price tag of $2 billion for
> specialized machine, we have a few years before anyone outside of
> intelligence community attempts this.
> What is most concerning to me is a few discoveries that were made
> looking into the problem of widespread use of 1024 bit keys:

Out of curiosity, was there any indication that Bernstein's
improvements might apply to the discrete log problem, DSA in general,
and the 1024-bit limit on key size built into NIST's DSS standard?
Revoking an RSA key and re-issuing a longer one might be a pain, but
there's no option for that in the current GPG implementation.