Re: [Cfrg] 1024 bit RSA

"Erik Andersen" <> Sat, 05 November 2016 09:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 88FD41294E3 for <>; Sat, 5 Nov 2016 02:05:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.198
X-Spam-Level: *
X-Spam-Status: No, score=1.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_SPAM=0.5, RCVD_IN_SORBS_WEB=3.297] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NvmJAGWR00yC for <>; Sat, 5 Nov 2016 02:05:17 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 757531293E8 for <>; Sat, 5 Nov 2016 02:05:17 -0700 (PDT)
Received: from Morten ([]) by (DanDomain Mailserver) with ASMTP id 3201611051005132444 for <>; Sat, 05 Nov 2016 10:05:13 +0100
From: Erik Andersen <>
To: Cfrg <>
References: <>, <> <>
In-Reply-To: <>
Date: Sat, 05 Nov 2016 10:05:13 +0100
Message-ID: <000001d23743$b81c61d0$28552570$>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQHuVoLKDCGJ3ckH/Dd2oExCcI+wowK2H3PuAWSr4XWgcP3pMA==
Content-Language: en-gb
Archived-At: <>
Subject: Re: [Cfrg] 1024 bit RSA
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 05 Nov 2016 09:05:19 -0000

All the comments have been quite useful. Let me express my concern.

There is a cyber war out there and it is been use politically.

When it comes to smart grid, it will be very depending on a complex IT
infrastructure (primarily using SCADA protocols). Our electricity networks
are very critical infrastructures. The Ukraine black-out is a warning about
what we might expect. My country (Denmark) and our allies are not always
acting as other great powers may want. The threat to bring down a critical
infrastructure could affect the policy making. We should not leave too many
soft spots in our defence wall. My question was actually. Is a 1024 RSA key
such a soft spot? From what I hear, the answer might be yes.


-----Oprindelig meddelelse-----
Fra: Cfrg [] På vegne af Peter Gutmann
Sendt: 05 November 2016 04:51
Til: Ilari Liusvaara <>; Hal Murray
Cc: Cfrg <>
Emne: Re: [Cfrg] 1024 bit RSA

Ilari Liusvaara <> writes:

>In summary, I would guess that factoring RSA 1024 keys would be within 
>reach of groups who could do ASIC design and then ordering custom chips off
>Of course, that's still many millions, so one would need the financial 
>case of spending that much money (it is going to be millions of dollars 
>at the very least).

And that's the key point, would anyone bother?  There's always the
hypothetical government-level attacker with magical access to infinite
resources lurking in the shadows, but as Snowden has shown, they don't need
to spend that much to get in, or build crypto-breakers to do it.  If I was
an NSA program manager and someone came to me and said "we need $100M to
build an ASIC-based RSA cracker, which we should have tested, debugged, and
operational in two years", I'd reply "here's a full *one hundredth* of that
amount, you've got a week to get in by backdooring or subverting or bribing
or whatever"
(with an optional side-order of "yer lazy bastard" in an Ernest Borgnine

Even if there was absolutely no other way in, I can't see how you could
justify building something like that unless you were using it to attack
something of extraordinarily high value like the single RSA-1024 key that
the Kremlin uses to communicate with all its local offices.  DH group 2
(group 1 in SSH terminology), sure (although an RSA-breaker can't do
anything with those anyway), but some random RSA key somewhere?

Cfrg mailing list