On Sun, 15 Aug 2010, Paul Hoffman wrote:
At 9:34 AM -0700 8/15/10, Ray Dillinger wrote:
I'm under the impression that <2048 keys are now insecure mostly due
to advances in factoring algorithms that make the attack and the
encryption effort closer to, but by no means identical to, scaling
with the same function of key length.
You are under the wrong impression, unless you are reading vastly different
crypto literature than the rest of us are. RSA-1024 *might* be possible to
break in public at some point in the next decade, and RSA-2048 is a few orders
of magnitude harder than that.
Many on the list may already know this, but I haven't seen it mentioned on
this thread. The following paper (that will be presented at Crypto
tomorrow!) is most relevant to this discussion:
"Factorization of a 768-bit RSA modulus",
http://eprint.iacr.org/2010/006
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com