Return to BSD News archive
Xref: sserve alt.security:10073 sci.crypt:16779 sci.math:47670 comp.unix.misc:9159 comp.unix.wizards:30861 alt.security.pgp:1432 comp.os.386bsd.misc:1079 comp.os.linux.misc:1814 Newsgroups: alt.security,sci.crypt,sci.math,comp.unix.misc,comp.unix.wizards,alt.security.pgp,comp.os.386bsd.misc,comp.os.linux.misc Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!usc!howland.reston.ans.net!pipex!uknet!comlab.ox.ac.uk!pcl From: pcl@ox.ac.uk (Paul C Leyland) Subject: Re: RSA129 factoring attack -- participants needed Message-ID: <PCL.93Sep22113238@rhodium.ox.ac.uk> In-reply-to: fahn@chirality.rsa.com's message of 21 Sep 93 15:46:26 Organization: Oxford University Computing Services, 13 Banbury Rd Oxford OX2 6NN References: <explorer.748591928@tbird.cc.iastate.edu> <FAHN.93Sep21154626@chirality.rsa.com> Date: 22 Sep 93 11:32:38 Lines: 40 In article <FAHN.93Sep21154626@chirality.rsa.com> fahn@chirality.rsa.com (Paul Fahn) writes: In article <explorer.748591928@tbird.cc.iastate.edu> explorer@iastate.edu (Michael Graff) writes: > In 1977, a 129-digit integer appeared in the pages of Scientific American. > This number, the RSA challenge modulus or RSA-129, has not yet been > successfully factored. Factoring it, a 425-bit number, would be a major > milestone in cryptography, as it would show that current technology is able to > break commonly-used RSA-cryptosystem keys within a reasonable time. This is not correct. Commonly-used RSA systems use key sizes significantly larger than 425 bits. Common RSA key sizes range from 512 bits to 1024. Factoring RSA-129 does not in any way jeopardize the security of widely used versions of RSA. You are both correct. It is very common to use RSA keys in the range 512 to 1024 bits. However, PGP (for example) provides 384-bit keys as an option and quite a few people have taken up this option. Get hold of the keyring from a public key server if you wish to check this claim. I have been telling people to use at least 512-bit keys and they really ought to be using much larger ones. Nonetheless, running RSA on a small computer, in the 8086 class, can be so slow that some people trade off security for convenience. We can estimate that factoring 512-bit numbers is somewhere between a hundred and a thousand times more difficult than factoring 425-bit numbers. This increase in difficulty is sufficiently small that one should be concerned about the security of 512-bit keys in the near future. Paul -- Paul Leyland <pcl@oxford.ac.uk> | Hanging on in quiet desperation is Oxford University Computing Service | the English way. 13 Banbury Road, Oxford, OX2 6NN, UK | The time is gone, the song is over. Tel: +44-865-273200 Fax: +44-865-273275 | Thought I'd something more to say. Finger pcl@black.ox.ac.uk for PGP key |