Re: [Cfrg] 1024 bit RSA
"Erik Andersen" <era@x500.eu> Sat, 05 November 2016 09:05 UTC
Return-Path: <era@x500.eu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88FD41294E3 for <cfrg@ietfa.amsl.com>; Sat, 5 Nov 2016 02:05:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.198
X-Spam-Level: *
X-Spam-Status: No, score=1.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, RCVD_IN_SORBS_WEB=3.297] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NvmJAGWR00yC for <cfrg@ietfa.amsl.com>; Sat, 5 Nov 2016 02:05:17 -0700 (PDT)
Received: from mail03.dandomain.dk (mail03.dandomain.dk [194.150.112.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 757531293E8 for <cfrg@irtf.org>; Sat, 5 Nov 2016 02:05:17 -0700 (PDT)
Received: from Morten ([62.44.134.108]) by mail03.dandomain.dk (DanDomain Mailserver) with ASMTP id 3201611051005132444 for <cfrg@irtf.org>; Sat, 05 Nov 2016 10:05:13 +0100
From: Erik Andersen <era@x500.eu>
To: Cfrg <cfrg@irtf.org>
References: <20161104210313.4C668406061@ip-64-139-1-69.sjc.megapath.net>, <20161104212348.GA20439@LK-Perkele-V2.elisa-laajakaista.fi> <1478317865966.12431@cs.auckland.ac.nz>
In-Reply-To: <1478317865966.12431@cs.auckland.ac.nz>
Date: Sat, 05 Nov 2016 10:05:13 +0100
Message-ID: <000001d23743$b81c61d0$28552570$@x500.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQHuVoLKDCGJ3ckH/Dd2oExCcI+wowK2H3PuAWSr4XWgcP3pMA==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/jv63yq-7XZyHznGuywqcCrQ4gEQ>
Subject: Re: [Cfrg] 1024 bit RSA
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Nov 2016 09:05:19 -0000
All the comments have been quite useful. Let me express my concern. There is a cyber war out there and it is been use politically. When it comes to smart grid, it will be very depending on a complex IT infrastructure (primarily using SCADA protocols). Our electricity networks are very critical infrastructures. The Ukraine black-out is a warning about what we might expect. My country (Denmark) and our allies are not always acting as other great powers may want. The threat to bring down a critical infrastructure could affect the policy making. We should not leave too many soft spots in our defence wall. My question was actually. Is a 1024 RSA key such a soft spot? From what I hear, the answer might be yes. Erik -----Oprindelig meddelelse----- Fra: Cfrg [mailto:cfrg-bounces@irtf.org] På vegne af Peter Gutmann Sendt: 05 November 2016 04:51 Til: Ilari Liusvaara <ilariliusvaara@welho.com>; Hal Murray <hmurray@megapathdsl.net> Cc: Cfrg <cfrg@irtf.org> Emne: Re: [Cfrg] 1024 bit RSA Ilari Liusvaara <ilariliusvaara@welho.com> writes: >In summary, I would guess that factoring RSA 1024 keys would be within >reach of groups who could do ASIC design and then ordering custom chips off fabs. >Of course, that's still many millions, so one would need the financial >case of spending that much money (it is going to be millions of dollars >at the very least). And that's the key point, would anyone bother? There's always the hypothetical government-level attacker with magical access to infinite resources lurking in the shadows, but as Snowden has shown, they don't need to spend that much to get in, or build crypto-breakers to do it. If I was an NSA program manager and someone came to me and said "we need $100M to build an ASIC-based RSA cracker, which we should have tested, debugged, and operational in two years", I'd reply "here's a full *one hundredth* of that amount, you've got a week to get in by backdooring or subverting or bribing or whatever" (with an optional side-order of "yer lazy bastard" in an Ernest Borgnine accent). Even if there was absolutely no other way in, I can't see how you could justify building something like that unless you were using it to attack something of extraordinarily high value like the single RSA-1024 key that the Kremlin uses to communicate with all its local offices. DH group 2 (group 1 in SSH terminology), sure (although an RSA-breaker can't do anything with those anyway), but some random RSA key somewhere? Peter. _______________________________________________ Cfrg mailing list Cfrg@irtf.org https://www.irtf.org/mailman/listinfo/cfrg
- Re: [Cfrg] 1024 bit RSA Derek Atkins
- Re: [Cfrg] 1024 bit RSA Peter Gutmann
- Re: [Cfrg] 1024 bit RSA Hanno Böck
- [Cfrg] 1024 bit RSA Erik Andersen
- Re: [Cfrg] 1024 bit RSA Phillip Hallam-Baker
- Re: [Cfrg] 1024 bit RSA Paul Grubbs
- Re: [Cfrg] 1024 bit RSA Hal Murray
- Re: [Cfrg] 1024 bit RSA Ilari Liusvaara
- Re: [Cfrg] 1024 bit RSA Peter Gutmann
- Re: [Cfrg] 1024 bit RSA Erik Andersen
- Re: [Cfrg] 1024 bit RSA John Mattsson
- Re: [Cfrg] 1024 bit RSA Hanno Böck
- Re: [Cfrg] 1024 bit RSA Erik Andersen
- Re: [Cfrg] 1024 bit RSA Peter Gutmann