Researcher: RSA 1024-bit Encryption not Enough

Arjen Lenstra, a cryptology professor at the École Polytechnique Fédérale de Lausanne in Switzerland, said the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key. Hence, transactions aren't yet at risk, but "it is good advanced warning" of the coming dusk of 1024-bit RSA encryption, widely used now for Internet commerce, said Lenstra. The RSA encryption algorithm uses a system of public and private keys to encrypt and decrypt messages. The public key is calculated by multiplying two very large prime numbers. By identifying the two prime numbers used to create someone's public key, it's possible to calculate that person's private key and decrypt messages. But determining the prime numbers that make up a huge integer is nearly impossible without lots of computers and lots of time.

Using between 300 and 400 off-the-shelf laptop and desktop computers at EPFL, the University of Bonn and Nippon Telegraph and Telephone Corporation in Japan, researchers factored a 307-digit number into two prime numbers. Lenstra said they carefully selected a 307-digit number whose properties would make it easier to factor than other large numbers. Still, the calculations took 11 months, with the computers using special mathematical formulas created by researchers to calculate the prime numbers. The researchers would only be able to read a message encrypted with a key made from the 307-digit number they factored. But systems using the RSA encryption algorithm assign different keys to each user, and to break those keys, the process of calculating prime numbers would have to be repeated. The ability to calculate the prime number components of the current RSA 1024-bit public keys remains five to 10 years away, Lenstra said. Web sites should be looking toward stronger encryption than RSA 1024-bit.
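The link the article describes between factoring the public modulus and recovering the private key, shown on a toy scale as an added example (not code from the researchers or from PC World). The primes, exponent and message are constructed for illustration, and Pollard's rho stands in for the far more elaborate methods needed at real key sizes; it is only practical here because the modulus is about 60 bits.

```python
import math

# Constructed toy key: two well-known ~30-bit primes, so the modulus is ~60 bits.
# Real RSA moduli are 1024 bits or more; this size is for illustration only.
P, Q, E = 998244353, 1000000007, 65537
N = P * Q  # the public modulus, published as part of the public key


def find_factor(n, c=1):
    """Pollard's rho: return one non-trivial factor of a composite n."""
    if n % 2 == 0:
        return 2
    x = y = 2
    d = 1
    while d == 1:
        x = (x * x + c) % n          # tortoise: one step
        y = (y * y + c) % n          # hare: two steps
        y = (y * y + c) % n
        d = math.gcd(abs(x - y), n)
    return d if d != n else find_factor(n, c + 1)  # retry with a new polynomial


def private_exponent_from_public(n, e):
    """Factor n, then derive d the same way the key owner did at key generation."""
    p = find_factor(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)


def demo():
    message = int.from_bytes(b"toy msg", "big")   # must be smaller than N
    ciphertext = pow(message, E, N)               # encrypted with the public key only
    d = private_exponent_from_public(N, E)        # uses nothing but (N, E)
    recovered = pow(ciphertext, d, N)
    return recovered.to_bytes(7, "big")


if __name__ == "__main__":
    print(N.bit_length(), "bit modulus ->", demo())
```

Everything after the factoring step is cheap arithmetic, which is why the size of the modulus is the whole security margin and why each additional key requires its own factoring effort.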

News source: PC World

22 Comments

For now 1024bit encryption is good, 11 months is a long time, and I'm sure we won't be using 1024bit encryption for the rest of eternity

wait....1024 bit encryption? TrueCrypt is only 256 bit max (well, more like 256^3). I'm guessing they're different things?

Asymmetric encryption (e.g. RSA, DSA) uses large key sizes (typically 1024 or 2048) while symmetric encryption (e.g. RC4, AES) typically uses smaller key sizes (typically 128 or 256). TrueCrypt uses symmetric encryption.

Sure, but if they have captured encrypted data of yours with account information, it doesn't matter if your new stuff uses a new key, right?

Well, as time goes on, that 11 months will get shorter and shorter, with available processing power, so they'll have to replace the method eventually.

Two Words: Blue-Gene

I know, off-the-shelf computers are used in this example. But a SuperComputer can most likely crack the system a touch faster.

umm the show numb3rs did a thing on the 1024bit encryption with a guy going crazy over the last 15 years to write a program to figure out the prime numbers, after reading this I thought to myself ...righhht stop watching so much tv

Quantum computers can utilize paradoxes so that the data (data1) is received processed before the processing in the CPU began. Then instead of processing data1, it can instead only focus on processing data2, only data2 has already been received processed also. This cyclic use of paradoxes will be used in future quantum computers in order to process any amount of data instantaneously.

Long term however this will result in subspace warming and we will have to cut universal paradox emissions by 20% by 2090.

Lt-DavidW said,
Quantum computers can utilize paradoxes so that the data (data1) is received processed before the processing in the CPU began. Then instead of processing data1, it can instead only focus on processing data2, only data2 has already been received processed also. This cyclic use of paradoxes will be used in future quantum computers in order to process any amount of data instantaneously.

Long term however this will result in subspace warming and we will have to cut universal paradox emissions by 20% by 2090.


Lol, utilize paradoxes. Hahaha What about utilizing quantum mechanics? :P

Ehmmmm, 11 months is NOT a long time. It is rather a VERY short time.

Anyways they only factored a 307-digit number into two prime numbers, one 307-digit number which was carefully selected to be an easy one to factor. I guess those numbers are not used in RSA? So decrypting a 700-bit RSA encryption would probably take more than 11 months, even if they had better computers.

RSA 1024-bit encryption being at risk? Too optimistic I say.

And they are so stupid, lol I mean, if they had factored a 212-digit number RSA encryption (RSA-704), they would have received $30.000. Now why wouldn't they do that? Here is the link:
http://www.rsa.com/rsalabs/node.asp?id=2093
Or what about RSA-1024? Only 309 digits, just two more than they used.. Prize: $100.000

RSA-640 has been decrypted, but that takes MUCH less time to decrypt. The computation took 5 months on 30 2.2 GHz AMD Opteron CPUs. Now that is an encryption that is risky to use.

I'm pretty sure that most hackers don't have entire labs of computers and 11 months to spend trying to crack something and if they did then it would probably be for some organization that would change their encryption daily. Hell, why don't we use gigabit encryption, it'll make the file fill our entire hard drive but at least we'll be safe.

As said before, if something is encrypted and someone manages to steal it or get hold of it, you can't change password and what the hackers have, only what you have. So changing password is NOT an option. I repeat NOT an option.

As mentioned before, RSA-640 was decrypted by 30 Opterons in 5 months. I believe some pro hackers can manage to get 30 Opterons, and 5 months is not so much. But the time needed to decrypt RSA-1024 is considerably higher than RSA-640, so it will be quite a while before that is not enough.

The encryption rate should be based on the worth of what they're trying to get. 1024 bit encryption using the RSA algorithm which takes 11 months and a huge amount of processing power wouldn't be worth it, if what's behind the door is a 50.00$ gift certificate to Barnes & Nobles. They could use larger and better algorithms that have a higher worth. It would take x amount of time longer to decrypt it and could be reset every once in a while.

And the encryption can just increase as computers speed increases.

What about creating malware that instead of turning machines into spambots, performed a Decrypting@Home service for the offenders? Scary stuff...
