On Sun, 15 Aug 2010, Paul Hoffman wrote:

At 9:34 AM -0700 8/15/10, Ray Dillinger wrote:
I'm under the impression that <2048 keys are now insecure mostly due
to advances in factoring algorithms that make the attack and the
encryption effort closer to, but by no means identical to, scaling
with the same function of key length.

You are under the wrong impression, unless you are reading vastly different 
crypto literature than the rest of us are. RSA-1024 *might* be possible to 
break in public at some point in the next decade, and RSA-2048 is a few orders 
of magnitude harder than that.

Many on the list may already know this, but I haven't seen it mentioned on this thread. The following paper (that will be presented at Crypto tomorrow!) is most relevant to this discussion:
  "Factorization of a 768-bit RSA modulus",

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to