Re: [Cfrg] 1024 bit RSA

Derek Atkins <derek@ihtfp.com> Fri, 04 November 2016 16:33 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B7781295B1 for <cfrg@ietfa.amsl.com>; Fri, 4 Nov 2016 09:33:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1bSRWBDNO85N for <cfrg@ietfa.amsl.com>; Fri, 4 Nov 2016 09:33:53 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:470:e448:1::3a11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 583821295B6 for <cfrg@irtf.org>; Fri, 4 Nov 2016 09:33:52 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 67E52E203F; Fri, 4 Nov 2016 12:33:50 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 00589-02; Fri, 4 Nov 2016 12:33:47 -0400 (EDT)
Received: from securerf.ihtfp.org (unknown [IPv6:2001:470:e448:2:ea2a:eaff:fe7d:235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id 714D5E2039; Fri, 4 Nov 2016 12:33:47 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1478277227; bh=4VA/WWYZ1RBl4t1ssf7m+4XksFp9vOd2iK9IZqY8jTI=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=H9q13cAju4KOEbjqo6WJgiNvYxwS5dbylMRiB+RjhkqXZWfrpkbLj8qYeDSgpCuAv R2Q3rIFBVgm8c6rrKWtkLpwj1AsGBBBSgXhSK45+AlsD7Qdt3z7cfcaoGInwsdGEW2 JsmYf1Ze0TOEOzoU5R2s01SoFyFG1Iuk9sl3ffLA=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.14.8/Submit) id uA4GXkwH013667; Fri, 4 Nov 2016 12:33:46 -0400
From: Derek Atkins <derek@ihtfp.com>
To: "Erik Andersen" <era@x500.eu>
References: <005a01d236b0$4b247470$e16d5d50$@x500.eu>
Date: Fri, 04 Nov 2016 12:33:46 -0400
In-Reply-To: <005a01d236b0$4b247470$e16d5d50$@x500.eu> (Erik Andersen's message of "Fri, 4 Nov 2016 16:29:54 +0100")
Message-ID: <sjmoa1vw6fp.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/K56460OE1v0jMHx44bqXDcxFZO8>
Cc: Cfrg <cfrg@irtf.org>
Subject: Re: [Cfrg] 1024 bit RSA
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 16:33:54 -0000

"Erik Andersen" <era@x500.eu> writes:

> I participate in IT smart grid standardization within IEC TC57 WG15. A couple
> of standards under development still allow 1024 bit RSA keys for so-called
> backward compatibility. I have so far not been able to change that. My
> question is now. Is there any information available for how long time or how
> much effort it takes to break  a 1024 bit RSA key?

Just remember that RSA1024 provides approximately 80 bits of security.
As Phill mentioned that's currently out of the range of public
resources, but probably not SIGINT.

What symmetric ciphers are they using?  If they're using AES-128, then I
would ask why they would support a key agreement/signature that's less
secure?  Getting 128-bit public key security is rather straightforward
these days, even in pretty small systems.

> Erik

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant