Re: [Cfrg] 1024 bit RSA

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 04 November 2016 15:51 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7270F1294CA for <cfrg@ietfa.amsl.com>; Fri, 4 Nov 2016 08:51:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n7qZL3Tao823 for <cfrg@ietfa.amsl.com>; Fri, 4 Nov 2016 08:51:01 -0700 (PDT)
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 243241295A2 for <cfrg@irtf.org>; Fri, 4 Nov 2016 08:51:01 -0700 (PDT)
Received: by mail-wm0-x22b.google.com with SMTP id n67so58259805wme.1 for <cfrg@irtf.org>; Fri, 04 Nov 2016 08:51:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=eCu1pWdLscGBvUK1VIB5wr13yTTxNGAek9dfSUCMuJI=; b=ZyQ3lrYvFRbXFLVS7NWZoJjR/HZG9M07OEdXGsWXumXPhtEYScnUVkp9sKfOXzR5jB UMqTisLfGdKGR1qSSzseLWwS3jEz3xeD5qK9lqT7wdFtnhYvEFTBQnVWDqFtPl3kNsCK sF+MNgeg9xHc+R3OvgOsw7Dc2XdBOnOfgQBEZHDnGU/E9VMnVC04WPnGxERZ3MXHpTc8 QV3KgsXR8uxIvH5gXiPtd/abMVrEbAiGhTa9DgsNdr9RewVKlgkt5HwXv8q/SiN8/asA APVNg4yJJN86P1Avd28l1TjwF7BstjDj0s7qYxlxII5J5B0dwA+zhne5Wf82VMamlBXa obqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=eCu1pWdLscGBvUK1VIB5wr13yTTxNGAek9dfSUCMuJI=; b=l+Gv8YQOxUyP0pkVBHmsGvXflYXcbcP69la82r+jltiEM9K1NUNdfHkP9+QYlrE8X0 I5wjrfrsL2vnx2TwWpM00yLoHxF1aqJ32/rMJ17MJHzdc+ZZKqCbIrpBWp1tn62dQ32P Gd7FgD5RRx7dqURNXw5rD+BnWvgY2Xcob9y8T9x1G3RAimcmQ5hrQRY5dTauHI0NIQD4 POt6rsL8XsPKDR53cANF8crSrnEmN31csPtDuj6/2pLWJMOmkqrcRq7uzq5GheEwyMoj H0rLKArGJHx5zyvhsf4RgVi/cSSDJU4d/icIPWmeUiLl2Ov60aAooZm+G7droagmd8Op L1Kg==
X-Gm-Message-State: ABUngvdIrv8gumtXm+PeLI37C1WwRI4VLbEj4i1F8AHIrgg8gI6YtUPoAvhp/bUlmH9xi4GUpdQ6wT/TVJ38yA==
X-Received: by 10.28.55.203 with SMTP id e194mr3897570wma.97.1478274659691; Fri, 04 Nov 2016 08:50:59 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.194.227.170 with HTTP; Fri, 4 Nov 2016 08:50:58 -0700 (PDT)
In-Reply-To: <005a01d236b0$4b247470$e16d5d50$@x500.eu>
References: <005a01d236b0$4b247470$e16d5d50$@x500.eu>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 4 Nov 2016 11:50:58 -0400
X-Google-Sender-Auth: eFw_7_8T4qtGhmD6x9SIqhMtiMM
Message-ID: <CAMm+LwgHKq8fQ7sTk+iXKHZ4L+oAKNnK+FKG461SXGz5oUn4xA@mail.gmail.com>
To: Erik Andersen <era@x500.eu>
Content-Type: multipart/alternative; boundary=001a1143abd6f8b23f05407ba35d
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JJ-ZxjDMqu3rMSPAK2r7WCV__74>
Cc: Cfrg <cfrg@irtf.org>
Subject: Re: [Cfrg] 1024 bit RSA
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 15:51:05 -0000

I think the informal position would be that it is still beyond the
capabilities of parties using public resources and methods but nobody would
be in the least surprised if the big SIGINT agencies like NSA and GCHQ were
breaking them.

The longest RSA challenge factored was RSA 768 in 2009:

https://en.wikipedia.org/wiki/RSA_Factoring_Challenge

RSA 704 was broken this year which shows people are still active. That
effort looks like the type of thing you would do before a challenge on
RSA896 which I expect to fall before 2020.

So expect RSA 1024 to certainly fall by 2030 and probably by 2025.





On Fri, Nov 4, 2016 at 11:29 AM, Erik Andersen <era@x500.eu> wrote:

> I participate in IT smart grid standardization within IEC TC57 WG15. A
> couple of standards under development still allow 1024 bit RSA keys for
> so-called backward compatibility. I have so far not been able to change
> that. My question is now. Is there any information available for how long
> time or how much effort it takes to break  a 1024 bit RSA key?
>
>
>
> Erik
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
>