Can anyone give me a guestimates of the time to break it by;
(i.e. the maximum lifetime of any data encrypted with it)
1) the individual
2) the corperation
3) the government
Here is a quote from Peter Montgomery:
"I was one of 16 participants at a July, 1991, workshop on
Public-Key Cryptography sponsored by E.I.S.S.
(European Institute for System Security). Our report appears in
Th. Beth, M. Frisch, G.J. Simmons (Eds.)
Public-Key Cryptography: State of the Art and Future
Directions, Lecture Notes in Computer Sciences, 578,
Page 81 of this report says
For the most applications a modulus size of 1024 bit
for RSA should achieve a sufficient level for ``tactical''
secrets for the next ten years. This is for long-term
secrecy purposes, for short-term authenticity purposes
512 Bit might suffice in this century.
Page 39 of that report estimates 500,000 MIPS-years
to factor a general 512-bit integer via ppmpqs.
The number field sieve was rather new in 1991 (it had been
used to factor 2^512 + 1 but some thought it impractical
for general numbers). Nonetheless page 44 of the report warns
Thus is it not unlikely that the number field sieve is better
than the ppmpqs for factoring integers in the 512-bit range.
The 1991 recommendation for 1024-bit keys is still valid in
1999. The report makes no recommendation for key lengths next
century. The recent RSA-140 factorization and Shamir's
warnings that 512-bit keys are vulnerable in 1999, although they
are probably OK for `short-term authenticity purposes'.
Peter-Lawren...@cwi.nl Home: San Rafael,
California Microsoft Research and CWI "
So Peter has already factored a 140 digit number (420 bits).
Lets call that a corporate effort, because of the team.
An individual like me, would take 20 years to factor a 512 bit
number. Peter's team will might factor 512 bits next year.
The government may do it in a month.
RSA-digits date MIPS-years
RSA-100 April 1991 7
RSA-129 April 1994 5000
RSA-130 April 1996 500
RSA-140 Febr 1999 2000
140 digits is about 465 bits.
512 bits would be 154 digits.
DJohn37050 typed this on 27 Jul 1999 15:46:45 GMT about 'Re: Rsa-512':
D> One should assume RSA 512 can be broken by a determined attacker. Don
What about the machine presented to crack 512 bit RSA keys? Nobody admitted
building one, but we can bet our behinds that at least one agency did.
FIDO: 2:301/133 & 135 | Member We're returning!
Internet mu...@snoop.alphanet.ch | Team AMIGA - the true avantgarde
Yes. I can give such estimates.
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.