PDA

View Full Version : RSA cracker machine


mike
February 27th, 2002, 12:04
Dan Bernstein just posted a paper to the cryptography mailing list that showed how to build machines that can crack RSA keys three times as long for the same cost as previous ones. All RSA keys less than 2k bits are now insecure. I wonder how this changes the RSA factoring competition?

DakienDX
February 27th, 2002, 12:25
Hello mike !

This is an interesting message. Now it will become interesting again to look at 1024 bit keys.

But how much will such things cost? Who would buy a $100.000 machine to factorize a number which brings $10.000 when done, with the risk that someone else has also bought the same machine and has already factored the number?

How fast is such a machine? If RSA-1024 still takes a half year it's not so interesting to most people. If it takes half an hour, it becomes more interesting.

This means program authors using RSA a registration protection will now have to use a DVD to give the registration key to the user, because it doesn't fit any more on a CD.

crw
February 28th, 2002, 05:28
where can i find this cryptography mailinglist?

AdamA
February 28th, 2002, 09:01
Quote:
Originally posted by crw
where can i find this cryptography mailinglist?


h**p://www.mail-archive.com/cryptography%40wasabisystems.com/msg01830.html

AdamA

mike
February 28th, 2002, 12:29
The bit about 2k-bit keys being insecure was someone else's extrapolation. What Bernstein showed was that *asymptotically* his machine factors numbers 3 times as long, but there's a (possibly very large) multiplier that he doesn't know. It may not apply to numbers that would ever be used in RSA. His paper is a proposal to NSF to get funding to figure that out.

Fake51
March 13th, 2002, 18:53
h**p://www.theregister.co.uk/content/55/24414.html

An update on the story.

Fake

mike
March 26th, 2002, 16:20
According to Lucky Green (I've met the guy; he's got his head on straight) and a panel of hardware experts at a recent conference, the machine Bernstein proposes is actually feasible and could be built for $1B (= $10^12).

http://www.securityfocus.com/archive/1/263924

Kilby
March 27th, 2002, 10:35
It may be worth having a look at this before guying one

hppt://www.counterpane.com/crypto-gram-0203.html#6

I think I will stick with Mr Steiners views rather than the staff of the register, and members of slashdot.

Kilby...

mike
March 27th, 2002, 19:00
Quote:
It may be worth having a look at this before guying one

hppt://www.counterpane.com/crypto-gram-0203.html#6

I think I will stick with Mr Steiners views rather than the staff of the register, and members of slashdot.

Kilby...


Yes, I've read it. I've written papers with Bruce (by the way, it's Schneier, not Steiner). This cryptogram article was written before that conference I mentioned. Bruce is not a specialist in factoring methods or in hardware. His forte is block ciphers and saying things really well.

The panel at the conference was composed of people who know what they're talking about.

Kilby
March 29th, 2002, 18:45
Mike,
I bow to your superior knowledge.

I hust had a problem with sites like the register and slashdot, as their sites are almost as inaccurate as the conventional press

I should know as I work with so called journalists every day

Kilby...