virus: Key lengths

From: Hermit (hidden@lucifer.com)
Date: Thu Mar 28 2002 - 17:47:07 MST


As previously hinted, I consider key lengths of less than 1k to be seriously weak (a few hours), 2k to be moderate (3 days) and 4k to be sufficient for non-critical material (for critical material, the only safe key is a one-time private key). The discussion is now public and I think confirms my initial suspicions.

[quote][b]Cross-list[/b]. An interesting and controversial research paper released a few weeks ago discusses a new way to potentially factor 1024-bit RSA and DH keys. At first, much of the security community was skeptical. But lately, many notable researchers have agreed that the theory is sound. While the reality of implementing the hardware discussed in the paper in a typical commercial environment is limited (costs can range upward of $1 billion), the potential for large government organizations (local and foreign) isn't. The security implications are that key sizes of 1024 bits and less can be considered weak and inappropriate for extremely sensitive data; the down side is that many SSL certificates and commercial applications use 1024-bit keys. In general, our recommendation is to have all future-generated keys be larger than 1024 bits and to look at updating current keys when time and resources permit. A PostScript copy of the original paper is available at: [url]http://cr.yp.to/papers/nfscircuit.ps[/url][/quote]

Regards

Hermit

----
This message was posted by Hermit to the Virus 2002 board on Church of Virus BBS.
<http://virus.lucifer.com/bbs/index.php?board=16;action=display;threadid=>
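
Added example, not part of the original post: one way to act on the quoted recommendation is to measure the modulus of each RSA public key in an inventory and flag those of 1024 bits or less. It assumes keys are available as DER-encoded PKCS#1 RSAPublicKey structures (the post names no format); all function names are hypothetical, and the sample keys are constructed placeholders, not real keys.

```python
WEAK_MAX_BITS = 1024  # threshold from the quoted advisory: "1024 bits and less"

def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                  # short-form length
        length = first
    else:                             # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Bit length of n in RSAPublicKey ::= SEQUENCE { INTEGER n, INTEGER e }."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, n_bytes, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    # The leading 0x00 sign byte DER adds does not affect the bit length.
    return int.from_bytes(n_bytes, "big").bit_length()

def is_weak(der):
    return rsa_modulus_bits(der) <= WEAK_MAX_BITS

def _der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    if len(body) < 0x80:
        head = bytes([len(body)])
    else:
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_key(bits):
    """Constructed placeholder: an odd n of the given size with e = 65537."""
    ints = [(1 << (bits - 1)) | 1, 65537]
    body = b"".join(_der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    return _der(0x30, body)

if __name__ == "__main__":
    for bits in (512, 1024, 2048, 4096):
        key = sample_key(bits)
        print(bits, "WEAK" if is_weak(key) else "ok")
```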