* Olaf Kirch wrote on Tue, Jul 02, 2002 at 09:18 +0200:
On Mon, Jul 01, 2002 at 06:23:45PM +0200, Praise wrote:
A friend of mine told me that 1024bit keys were broken, and he advised me to use 4096bit keys... I think he is confusing ssl with ssh. Do you have similar information on this?
There is a paper by Dan Bernstein that discusses how much computing power (and money) it would take to build something that's able to brute force a 1024 bit RSA key.
Based on this paper, I believe, some people recently drew the conclusion that you can build such a thing for 1 billion USD which should be well within the budget of several US government agencies. None of this is proven, and pretty much of this is based on speculation.
IIRC there were other people who said that DJB missed some details and the costs would be even larger.
My personal opinion is, there's no need to panic, and throw away all your keys. If you do create a new key, it is a good idea to choose a bigger key length if the software supports it.
Well, and if you do not trust 1024 Bit, I really wonder why someone should upgrade to 4096 bit. IIRC adding three bits or so of length would statistically double the needed break time. In that case, going from 1024 to 4096 bit would double 1024 times, that is 2^1024 (and not 2*1024!) which evaluates to

17976931348623159077293051907890247336179769789423065727343008115773\
26758055009631327084773224075360211201138798713933576587897688144166\
22492847430639474124377767893424865485276302219601246094119453082952\
08500576883815068234246288147391311054082723716335051068458629823994\
7245938479716304835356329624224137216

times. So even 2048 bits are really paranoid - assuming some agency uses weeks of computing power of the billion dollar machine to break *your* 1024 SSH/SSL/TLS RSA key...

Please correct me if I'm wrong!

To my knowledge today, German banks (who are known to have very high security standards) allow 1024 bit RSA for payment, and in the next years the key lengths get increased to 1152 Bits.

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
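As an added example (not part of the original thread): the sketch below compares the "three bits per doubling" rule of thumb from the message above with the usual heuristic running-time estimate for the general number field sieve (GNFS), the fastest published method for factoring RSA moduli. Using the GNFS formula with its o(1) term dropped is an assumption of this example, and the function names are illustrative; absolute figures are rough, the relative scaling between key sizes is the point.

```python
import math

def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    with c = (64/9)^(1/3) and the o(1) term dropped (assumption of this example)."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work_ln = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_ln / math.log(2)

def doublings_between(small_bits, large_bits):
    """How many times the estimated factoring work doubles between two key sizes."""
    return gnfs_work_bits(large_bits) - gnfs_work_bits(small_bits)

def bits_per_doubling(modulus_bits):
    """Extra modulus bits needed near this key size to double the estimated work."""
    return 1 / (gnfs_work_bits(modulus_bits + 1) - gnfs_work_bits(modulus_bits))

def naive_doublings(small_bits, large_bits, bits_per_double=3):
    """The rule of thumb quoted in the thread: a fixed number of bits per doubling."""
    return (large_bits - small_bits) / bits_per_double

if __name__ == "__main__":
    # Key sizes mentioned in the thread, plus 512 for reference.
    for size in (512, 1024, 1152, 2048, 4096):
        print(f"{size:5d}-bit modulus: ~2^{gnfs_work_bits(size):.1f} operations, "
              f"~{bits_per_doubling(size):.0f} more bits to double the work")
    print(f"1024 -> 4096, fixed 3 bits per doubling: "
          f"2^{naive_doublings(1024, 4096):.0f} times harder")
    print(f"1024 -> 4096, GNFS estimate:             "
          f"2^{doublings_between(1024, 4096):.0f} times harder")
```

Under this estimate the number of bits needed to double the work is not constant: it grows with the key size, so the gain from 1024 to 4096 bits is on the order of 2^70 rather than 2^1024.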