RSA Key-length vulnerability.

http://www.mail-archive.com/cryptography%40wasabisystems.com/msg01830.html

 

I wish I understood this more than just enough to be extrememly worried that we've all been too complacent for far too long....

 

This is one of those, "hold your horses," posts. First, let me say that I was glad to see Pete link to the Cryptography list through Mail Archive. It's a good list. However, it should be understood by anyone not familiar with the list that it is frequented by many amateur cryptographers and mathematicians. Because of that you see many alarmist posts. The link that Pete pointed us to was just such a post. I'm glad he posted the link as these are important issues and we should be discussing them more.

But, a reality check is in order here. You should know that Dan Bernstein is an Associate Professor at the University of Illinois in Chicago and is a well respected mathematician. He is the author of djbdns, daemontools, and I believe qmail. He is a very good researcher. He also became known as a crusader for privacy rights in 1994 during the Clinton administration's attempt to bring us the Clipper chip and a host of anti-crypto laws and regulations. You will see Bernstein's papers mostly in the Journal of Cryptology and Mathematics of Computation.

Now, here are the facts and I'll try to keep this brief and simple. Bernstein has written a paper calling into question the security of cetain RSA keys by using a mathematical theory that uses extra-hardware computations to sift through and find redundancies and such in RSA. This is a mathematician's THEORY that may or may not (it probably does) have a basis in factual science. HOWEVER, the post Pete linked to was an alarmist post from an amateur who actually thinks we are at risk right now using our PGP keys. He even wrote

This is nothing short of ridiculous. Fear not, sleep well and Checkout, you're OK and so is everybody else using OpenPGP keys. It is a giant leap to go from Dan Bernstein's interesting paper to saying we should stop using RSA/ OpenPGP keys. I cannot stress this enough. This would be like a third grader reading a paper on the feasibility of building a 700 story building and somebody saying we should look out the window because there will soon be a huge 700 story building built by a third grader. It's that silly to say we should stop our use of RSA keys shorter than 2048 bits.

To go from this paper to stop using these keys and claiming PGP is at risk, is ridiculous.

It would take someone (with a LOT of money and expertise) to even BEGIN to put to use Bernstein's theory. I read in that thread someone saying it "wouldn't even cost that much." That's the problem with this particular list. Many uninformed readers and posters cause alarm. In this link from Pete, which was great as I think there needs to be more discussion on these issues, you have an alarmist commenting in an irrationally rash way on something that is a mathematician's theory and long way from anyone being able to crack your PGP files at home.

The opening sentence of Bruce Schneier's Applied Cryptography says, "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter." For someone to be able to break your PGP files that were created with good strong keys/passphrases would take a long time based on Bernstein's paper and it would be a major government spending a lot of money to do it.

Use your PGP with confidence. Use RSA with confidence. There may (no, there WILL be a day) when we can say not to place confidence in RSA and PGP, but it's a long way down the road. I respect Bernstein and I think he may be on to something. But, remember, NASA has plans, ON PAPER, with no stone left unturned, for a manned trip to Mars, but it aint happenin' soon.

John

 

Thanks for the reassurance (and, hey - I don't even use encryption!)

 

yep, d@mn them alarmists, always stirring up stuff, panicking the masses, and misconstruing everything. Possessing just enough knowledge to make them dangerous, but I digress.

I'm sure we all agree the alarmist needs to mellow out, sip a hoegaarden (or perhaps a warsteiner) and reflect on their folley. Then, gather some REAL information backed my such respected persons as mentioned above and become a truly constructive advocate of security and awareness.

 

Think you can get away with this thinly-disguised GRC bashing?  $1 in the charity box, Unicron!

 

lol, you can't prove a thing. I was referring to the post above. In my country I am still inoccent until proven guilty!!!