[DNSOP] RSA cracking

Jim Reid <jim@rfc1035.com> Thu, 14 January 2010 10:28 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 97F2C3A6774 for <dnsop@core3.amsl.com>; Thu, 14 Jan 2010 02:28:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.849
X-Spam-Level:
X-Spam-Status: No, score=-2.849 tagged_above=-999 required=5 tests=[AWL=-0.550, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6f6NHQGrR3qC for <dnsop@core3.amsl.com>; Thu, 14 Jan 2010 02:28:44 -0800 (PST)
Received: from hutch.rfc1035.com (hutch.rfc1035.com [195.54.233.70]) by core3.amsl.com (Postfix) with ESMTP id 293B53A67A3 for <dnsop@ietf.org>; Thu, 14 Jan 2010 02:28:44 -0800 (PST)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jim) by hutch.rfc1035.com (Postfix) with ESMTPSA id 9F859154283B; Thu, 14 Jan 2010 10:28:39 +0000 (GMT)
Message-Id: <78D11C45-ED0A-4DCE-8052-2B18E2823972@rfc1035.com>
From: Jim Reid <jim@rfc1035.com>
To: Alfred HÎnes <ah@TR-Sys.de>
In-Reply-To: <201001132058.VAA11959@TR-Sys.de>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 14 Jan 2010 10:28:39 +0000
References: <201001132058.VAA11959@TR-Sys.de>
X-Mailer: Apple Mail (2.936)
Cc: namedroppers@ops.ietf.org, IETF DNSOP WG <dnsop@ietf.org>
Subject: [DNSOP] RSA cracking
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jan 2010 10:28:45 -0000

On 13 Jan 2010, at 20:58, Alfred HÎnes wrote:

> An international team lead by the BSI (the "German NSA") and others
> has solved the RSA-768 challenge, and experts reportedly expect, due
> to significant progresses, that RSA-1024 will be solved in a rather
> short time, likely by the end of this year or so!

Hmmm. The paper by Klienjung et al (http://eprint.iacr.org/ 
2010/006.pdf) said it took ~2000 Opteron-years and ~2.5 years of  
elapsed time to crack RSA768. So if you change keys every month or  
two, there's not much to worry about.... BTW the authors of that paper  
said they don't expect 1024-bit RSA to be factored for another 5-10  
years with comparable resources to their RSA768 efforts unless  
factoring algorithms improve a lot.

> This means that we should immediately plan operationally for
> widespread use of 2048-bit RSA keys in the "near" future.

True. Some of us deployed 2048-bit RSA keys in 2007. Perhaps your  
friends at BSI might like to crack the KSK or ZSK for rfc1035.se? :-)