nanog mailing list archives
Re: Banc of America Article
From: "Dave Howe" <DaveHowe () gmx co uk>
Date: Sun, 26 Jan 2003 15:52:05 -0000
E.B. Dreger wrote:
Date: Sun, 26 Jan 2003 00:22:02 -0500 (Eastern Standard Time) From: Alex RubensteinAgreed. And, even if it is super encrypted, who cares? Enough CPU and time will take care of that.Articles about "1000 years to crack using brute force" are a bit disconcerting if someone has access to 10,000x compromised hosts. While we're on the subject: root certificates, anybody? Each worm seems to prove the availability of CPU and time.
Might not even need a worm - just enough money to form a seed. according to recent paper (TWIRL) the main step towards breaking a 1024 key (such as used by all the CAs currently) could be done in under a year by a machine with a cost of $10M (surely not beyond the reach of a large multinational company or crime organisation). In detail: http://psifertex.com/download/twirl.pdf Factoring Large Numbers with the TWIRL Device (preliminary draft) Adi Shamir, Eran Tromer Department of Computer Science and Applied Mathematics Weizzmann Institute of Science, Rehavot 76100, Israel Ishamir,tromerlftisdon.wei () nmnn ac iI January 23, 2003 Abstract. The security of the RSA cryptosystem depends on the difficulty of factoring large integers. The best current factoring algorithm is the Number Field Sieve (NFS), and its most difficult part is the sieving step. In 1999 a large distributed computation involving thousands of workstations working for many months managed to factor a 512-bit RSA key, but 1024-bit keys were believed to be safe for the next 15-20 years. In this paper we describe a new hardware implementation of the NFS sieving step (based on standard 0.13pm, I GHz VLSI technology) which is 3-4 orders of magnitude more cost effective than the best previously published designs (such as the opt electronic TWINKLE of 1131 and the mesh-based sieving of 151)- Based on a detailed analysis of all the critical components (but without an actual implementation), we believe that the NIPS sieving step for 1024-bit RSA keys can be completed in less than a year by a $10M device, and that the NFS sieving step for 512-bit RSA keys can be completed in less than ten minutes by a $10K device. Coupled with recent results about the difficulty of the NFS matrix step [10], this raises some concerns about the security of these key sizes-
Current thread:
- Banc of America Article Alex Rubenstein (Jan 25)
- Re: Banc of America Article Jack Bates (Jan 25)
- Re: Banc of America Article Sean Donelan (Jan 25)
- Re: Banc of America Article alex (Jan 27)
- Re: Banc of America Article Avleen Vig (Jan 25)
- Re: Banc of America Article Ryan Fox (Jan 25)
- Re: Banc of America Article Alex Rubenstein (Jan 25)
- Re: Banc of America Article E.B. Dreger (Jan 25)
- Re: Banc of America Article Dave Howe (Jan 26)
- Re: Banc of America Article Ryan Fox (Jan 25)
- Re: Banc of America Article Wayne E. Bouchard (Jan 25)
- Re: Banc of America Article alex (Jan 27)
- <Possible follow-ups>
- Banc of America Article Alex Rubenstein (Jan 25)
- Re: Banc of America Article Charles Sprickman (Jan 25)
- Re: Banc of America Article Leo Bicknell (Jan 28)
- RE: Banc of America Article Al Rowland (Jan 29)
- RE: Banc of America Article E.B. Dreger (Jan 29)
- RE: Banc of America Article alex (Jan 29)
- RE: Banc of America Article Daniel Senie (Jan 29)