North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 1024-bit RSA keys in danger of compromise (fwd)

  • From: Richard A Steenbergen
  • Date: Mon Mar 25 19:30:53 2002

On Mon, Mar 25, 2002 at 03:32:08PM -0800, Len Sassaman wrote:
> What is most concerning to me is a few discoveries that were made while
> looking into the problem of widespread use of 1024 bit keys:

Personally I'm not too concerned (yet). You're probably worse off due to 
implementation flaws.

But on a list of things which "should be fixed" for the future: Any RSA
implementation using RSARef (which until the patent expired was the only
legal way to write RSA implementations in the US) is limited to < 1024

I can think of a few vendors using embedded SSH who still suffer from this
problem (Vendor F comes to mind, but their SSH implementation also doesn't
work with OpenSSH w/freebsd localisations, so something else is afoot
there as well).

Richard A Steenbergen <[email protected]>
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)