Rsa-512

0 views
Skip to first unread message

Adam Pridmore

unread,
Jul 27, 1999, 3:00:00 AM7/27/99
to
I know that RSA-512 is looking a little insecure, but I was curious as to
how insecure.

Can anyone give me a guestimates of the time to break it by;
(i.e. the maximum lifetime of any data encrypted with it)

1) the individual

2) the corperation

3) the government

cheers Adam

Glenn Davis

unread,
Jul 27, 1999, 3:00:00 AM7/27/99
to

Here is a quote from Peter Montgomery:

"I was one of 16 participants at a July, 1991, workshop on
Public-Key Cryptography sponsored by E.I.S.S.
(European Institute for System Security). Our report appears in

Th. Beth, M. Frisch, G.J. Simmons (Eds.)
Public-Key Cryptography: State of the Art and Future
Directions, Lecture Notes in Computer Sciences, 578,
Springer-Verlag, 1991.

Page 81 of this report says

For the most applications a modulus size of 1024 bit
for RSA should achieve a sufficient level for ``tactical''
secrets for the next ten years. This is for long-term
secrecy purposes, for short-term authenticity purposes
512 Bit might suffice in this century.

Page 39 of that report estimates 500,000 MIPS-years
to factor a general 512-bit integer via ppmpqs.
The number field sieve was rather new in 1991 (it had been
used to factor 2^512 + 1 but some thought it impractical
for general numbers). Nonetheless page 44 of the report warns

Thus is it not unlikely that the number field sieve is better
than the ppmpqs for factoring integers in the 512-bit range.

The 1991 recommendation for 1024-bit keys is still valid in
1999. The report makes no recommendation for key lengths next
century. The recent RSA-140 factorization and Shamir's
announcement are
warnings that 512-bit keys are vulnerable in 1999, although they
are probably OK for `short-term authenticity purposes'.
--
Peter-Lawren...@cwi.nl Home: San Rafael,
California Microsoft Research and CWI "


So Peter has already factored a 140 digit number (420 bits).
Lets call that a corporate effort, because of the team.
An individual like me, would take 20 years to factor a 512 bit
number. Peter's team will might factor 512 bits next year.
The government may do it in a month.

Anton Stiglic

unread,
Jul 27, 1999, 3:00:00 AM7/27/99
to

To give you an idea, here are numbers from the RSA-labs challenge:


RSA-digits date MIPS-years
RSA-100 April 1991 7
...
RSA-129 April 1994 5000
RSA-130 April 1996 500
RSA-140 Febr 1999 2000

140 digits is about 465 bits.

512 bits would be 154 digits.


Anton

DJohn37050

unread,
Jul 27, 1999, 3:00:00 AM7/27/99
to
One should assume RSA 512 can be broken by a determined attacker.
Don Johnson

Rene Laederach

unread,
Jul 28, 1999, 3:00:00 AM7/28/99
to
Hello DJohn37050!

DJohn37050 typed this on 27 Jul 1999 15:46:45 GMT about 'Re: Rsa-512':

D> One should assume RSA 512 can be broken by a determined attacker. Don
D> Johnson

What about the machine presented to crack 512 bit RSA keys? Nobody admitted
building one, but we can bet our behinds that at least one agency did.

--
FIDO: 2:301/133 & 135 | Member We're returning!
Internet mu...@snoop.alphanet.ch | Team AMIGA - the true avantgarde

Bob Silverman

unread,
Jul 29, 1999, 3:00:00 AM7/29/99
to
In article <TCHS28...@techserver.comodo.net>,

"Adam Pridmore" <Ad...@Comodo.net> wrote:
> I know that RSA-512 is looking a little insecure, but I was curious
as to
> how insecure.
>
> Can anyone give me a guestimates of the time to break it by;
> (i.e. the maximum lifetime of any data encrypted with it)
>
> 1) the individual
>
> 2) the corperation
>
> 3) the government

Yes. I can give such estimates.

--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.

Reply all
Reply to author
Forward
0 new messages