Two corrections.
First, if they crack your server key (512 bit RSA) they can now
read every conversation made using that key. That key is probably good for
a year or more.
Second, RSA has been telling people to phase out the use of 512 bit keys
as long ago as 1985; most of the keys in use are actually 1024 bit keys
nowadays, which take 1,000 to 1,000,000 (I don't have the reference in
front of me) times as long to crack.
David Lang
On Tue, 28 Sep 1999, Drew Smith wrote:
> Date: Tue, 28 Sep 1999 08:31:54 -0600
> From: Drew Smith <[EMAIL PROTECTED]>
> To: me <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: Please review proposed rebuttal...
>
>
> A possible addition, suggested by a co-worker.
>
> IF someone should happen to listen in on your encrypted transaction,
> and IF they happen to have the knowledge and awesome computing power to
> crack that encryption within, say, one week - exactly what do they
> have? A plain-text document detailing a transaction you made a week
> ago, with no way to duplicate it or, realistically, use it in any useful
> way.
>
> And, IF these horrible criminal masterminds happen to be Americans,
> they're virtually impossible to catch - they could just escape to the
> Moon. We spent the 60's proving that it COULD be done.
>
> Cheers,
> - Drew.
>
> > me wrote:
> >
> > To all,
> >
> > I know this is a little off topic, but I know a lot of you will be
> > interested in helping me with this.
> >
> > Please review the following article for technical correctness. It is
> > at best, my amateur compilation of inputs I received over the past few
> > weeks from many different security related newsgroups. Hopefully, this
> > will calm the storm generated by the clueless reporting of the
> > "512-bit RSA key cracked" event. Keep in mind the audience for this
> > article is the general public and those reporters that have "reported"
> > on this event.
> >
> > Please let me know your comments/opinions.
> >
> > Thanks in advance,
> >
> > Michael Sorbera
> >
> > Webmaster
> >
> > Randolph-Brooks Federal Credit Union
> >
> > Here's my proposed article:
> >
> > A team of researchers, numbering in the hundreds, combined with over
> > 300 awesome computers working over a seven-month period demonstrated
> > that using their combined resources the capability exists to "crack"
> > the 512-bit RSA key. This 512-bit key is currently used largely by
> > E-Commerce sites that want to be able to do business internationally.
> > Most of the U.S. based financial institutions have already made the
> > upgrade to the 1024-bit RSA key.
> >
> > The actual 512-bit RSA key was not cracked. A 155-digit number that is
> > the same length as the number for the 512-bit key was factored to its
> > prime numbers. So the "actual" key was not factored or cracked, but a
> > number similar to it was. The researchers demonstrated to the World
> > that the key could be cracked, not that it was cracked. To actually
> > crack the key, someone will have to duplicate the efforts of the
> > researchers on the actual key. Most of the folks involved in this
> > endeavor would not participate in an actual attack on a key.
> >
> > This 512 or 1024-bit RSA key is only one level of protection given to
> > transactions on the Internet. Almost all public transactional Web
> > sites use SSL (Secured Sockets Layer) to encrypt the data. In SSL,
> > once the data is encrypted using the 512 or 1024-bit RSA key, it is
> > encrypted again with ANOTHER key that's generated by the browser. This
> > other key is different every time you initiate an SSL session. For
> > those browsers using 128-bit Strong U.S. encryption, a Cray super
> > computer can crack it in 2 days. The average group of folks would have
> > to get together 30 or so computers, running in parallel, teamed up
> > with about 5 people at least 2 weeks of 24 hour a day operation to
> > "crack" this second key.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>