## A Mighty Number Falls 348

Posted
by
kdawson

from the time-to-generate-new-keys dept.

from the time-to-generate-new-keys dept.

space_in_your_face writes

*"An international team has broken a long-standing record in an impressive feat of calculation. On March 6, computer clusters from three institutions (the EPFL, the University of Bonn, and NTT in Japan) reached the end of eleven months of strenuous calculation, churning out the prime factors of a well-known, hard-to-factor number — 2^1039 - 1 — that is 307 digits long."*The lead researcher believes "the writing is on the wall" for 1024-bit encryption. "Last time, it took nine years for us to generalize from a special to a non-special hard-to factor number (155 digits). I won't make predictions, but let's just say it might be a good idea to stay tuned."
## Um.... (Score:1, Insightful)

## Security (Score:3, Insightful)

## Re:How many people have the computing power ... (Score:5, Insightful)

## on the wall, eh? (Score:4, Insightful)

## Three years isn't a whole lot. (Score:5, Insightful)

I understand that they'll be able to crack 1024, but still, 3 years to see my e-mails. It's not worth it for them. Now when they got it down to 3 hours I'll be worried, but by then we'll probably be using 4096.True, but what you need to think about is forward secrecy.

There are lots of things being transmitted today that are still going to be in use three years from now. For example, think of financial information: if you use an encryption standard that's acceptable right now, but can be broken in three years (or, is trivially breakable in three years due to increases in computer power or techniques), then you're in trouble, because some of that information is still going to be sensitive/valuable in three years. The fact that you'll be using 4096 bits

thendoesn't matter, if someone grabs it now and crunches on it for a while. Same with identification numbers (SSNs, etc); if I grab a batch of numbers today, most of them will probably still be good in ten or fifteen years, and some of them will still be good in 30 or 40. That's how far out you need to be thinking when choosing an encryption standard for that data.There are some things where only immediate security matters (transmitting big session keys that get thrown away a few hours or minutes later), but many other things -- and I think general file encryption falls into this category -- where it's hard to predict for how long the encrypted information might be sensitive or valuable.

## Security, time, relevent, pick any two. (Score:1, Insightful)

## Re:How about no encryption? (Score:3, Insightful)

By and large, "we" don't even use *mild* crypto, even in places where we really should be using *hard* crypto.

Do we actually *want* privacy? Seems not.

## Better than a slide rule (Score:5, Insightful)

It's simply insane to use general purpose computer clusters to factor prime numbers when specialized devices built for factoring prime numbers can do the job thousands of times faster per node. These stunts are meaningless. All money funds for those waste of times should be put into developing better purpose built devices and more clever algorithms.

here's an example pdf [arg4] of one such device. It's a tin can with single chip that has LED's integrated onto a shift register and a light detector at one end. costs about the same as one super computer node and is faster than a large cluster. Note that it's designed by the S in RSA so this is not baloney. it's not perfect and it needs technology refinement to scale to numbers larger than about 512 bits. That's where money wasted on this stunt should have been spent.

What's even stupider is that the calculations themselves serve no purpose. Anyone with an napkin and a pencil can tell you whether or not the calculation is feasible on a given size computer cluster. The expected time to crack in a brute force application of a seive is entirely predictable. So what does cracking one prove?

People who do this are more than harmless idiots. They waste money.

## Exactly...it proves nothing.... (Score:3, Insightful)

With climate change looming, pointless waste of electricity like this should be discouraged.

PS: It's well known that RSA will fall. Number factoring is one of the half-dozen-or-so tasks a quantum computer can actually do. It's just a matter of time before a working quantum computer renders the whole public-key system unsafe.

## Re:What about dynamic encryption algortithms? (Score:3, Insightful)

## Re:How many people have the computing power ... (Score:3, Insightful)

## Re:How many people have the computing power ... (Score:3, Insightful)

## Re:The god question and quantum computing (Score:3, Insightful)