Forgot your password?
typodupeerror
Math Encryption Security Science

A Mighty Number Falls 348

Posted by kdawson
from the time-to-generate-new-keys dept.
space_in_your_face writes "An international team has broken a long-standing record in an impressive feat of calculation. On March 6, computer clusters from three institutions (the EPFL, the University of Bonn, and NTT in Japan) reached the end of eleven months of strenuous calculation, churning out the prime factors of a well-known, hard-to-factor number — 2^1039 - 1 — that is 307 digits long." The lead researcher believes "the writing is on the wall" for 1024-bit encryption. "Last time, it took nine years for us to generalize from a special to a non-special hard-to factor number (155 digits). I won't make predictions, but let's just say it might be a good idea to stay tuned."
This discussion has been archived. No new comments can be posted.

A Mighty Number Falls

Comments Filter:
  • Um.... (Score:1, Insightful)

    by Anonymous Coward on Tuesday May 22, 2007 @02:31PM (#19224955)
    Slide rule?
  • Security (Score:3, Insightful)

    by morgan_greywolf (835522) * on Tuesday May 22, 2007 @02:35PM (#19225021) Homepage Journal
    "Security is about risk management. If you have something to protect that's valuable enough for someone to steal, and the only protection you have on it is 1,024-bit crypto, you deserve to have it stolen." -- Forgot who said it, but it was on /.
  • by Anonymous Cowpat (788193) on Tuesday May 22, 2007 @02:41PM (#19225135) Journal
    governments. Who, incidentally, are the prime targets for using encryption against.
  • on the wall, eh? (Score:4, Insightful)

    by Lord Ender (156273) on Tuesday May 22, 2007 @02:43PM (#19225167) Homepage
    Considering RSA Inc. sells X.509 token/smart card devices which support ONLY 1024-bit keys, I don't think it's going anywhere for a while.
  • by Kadin2048 (468275) * <slashdot.kadinNO@SPAMxoxy.net> on Tuesday May 22, 2007 @02:44PM (#19225191) Homepage Journal
    I understand that they'll be able to crack 1024, but still, 3 years to see my e-mails. It's not worth it for them. Now when they got it down to 3 hours I'll be worried, but by then we'll probably be using 4096.

    True, but what you need to think about is forward secrecy.

    There are lots of things being transmitted today that are still going to be in use three years from now. For example, think of financial information: if you use an encryption standard that's acceptable right now, but can be broken in three years (or, is trivially breakable in three years due to increases in computer power or techniques), then you're in trouble, because some of that information is still going to be sensitive/valuable in three years. The fact that you'll be using 4096 bits then doesn't matter, if someone grabs it now and crunches on it for a while. Same with identification numbers (SSNs, etc); if I grab a batch of numbers today, most of them will probably still be good in ten or fifteen years, and some of them will still be good in 30 or 40. That's how far out you need to be thinking when choosing an encryption standard for that data.

    There are some things where only immediate security matters (transmitting big session keys that get thrown away a few hours or minutes later), but many other things -- and I think general file encryption falls into this category -- where it's hard to predict for how long the encrypted information might be sensitive or valuable.
  • by Anonymous Coward on Tuesday May 22, 2007 @02:47PM (#19225245)
    You left out the time factor. How long do you need for whatever to remain secret? At the end even if cracked it may no longer be relevent to whomever's doing the cracking.
  • by fishbowl (7759) on Tuesday May 22, 2007 @03:13PM (#19225687)
    >Think hard about this. How can we have privacy in the digital age?

    By and large, "we" don't even use *mild* crypto, even in places where we really should be using *hard* crypto.

    Do we actually *want* privacy? Seems not.
  • by goombah99 (560566) on Tuesday May 22, 2007 @03:22PM (#19225839)
    While your first post was a joke, it's actually on topic and unkowingly insightful

    It's simply insane to use general purpose computer clusters to factor prime numbers when specialized devices built for factoring prime numbers can do the job thousands of times faster per node. These stunts are meaningless. All money funds for those waste of times should be put into developing better purpose built devices and more clever algorithms.

    here's an example pdf [arg4] of one such device. It's a tin can with single chip that has LED's integrated onto a shift register and a light detector at one end. costs about the same as one super computer node and is faster than a large cluster. Note that it's designed by the S in RSA so this is not baloney. it's not perfect and it needs technology refinement to scale to numbers larger than about 512 bits. That's where money wasted on this stunt should have been spent.

    What's even stupider is that the calculations themselves serve no purpose. Anyone with an napkin and a pencil can tell you whether or not the calculation is feasible on a given size computer cluster. The expected time to crack in a brute force application of a seive is entirely predictable. So what does cracking one prove?

    People who do this are more than harmless idiots. They waste money.

  • by Joce640k (829181) on Tuesday May 22, 2007 @03:52PM (#19226325) Homepage
    If you know how many calculations a second a given program can do then the rest is pointless. You just divide total seconds by number of PCs in the cluster.

    With climate change looming, pointless waste of electricity like this should be discouraged.

    PS: It's well known that RSA will fall. Number factoring is one of the half-dozen-or-so tasks a quantum computer can actually do. It's just a matter of time before a working quantum computer renders the whole public-key system unsafe.

  • by Detritus (11846) on Tuesday May 22, 2007 @03:52PM (#19226331) Homepage
    Unless your opponent is encrypting white-noise for kicks, the result of a successful decryption is going to have statistical properties that are significantly different from those of an unsuccessful decryption. Of course, it's helpful if you have more information, such as the source material is ASCII text, or every file starts with a known magic number.
  • by nasor (690345) on Tuesday May 22, 2007 @04:37PM (#19227099)
    Then I suppose I won't expect my 1024 bit encryption to keep my data safe from the NSA, in the same way that I won't expect my home alarm system to protect me from a strike team of navy SEALS.
  • by ArsonSmith (13997) on Tuesday May 22, 2007 @04:50PM (#19227371) Journal
    Wow, I thought the prime target to use encryption against where the people trying to break into my bank account. You learn something every day.
  • Psh...paradox? That's one's not worthy of the title, it only sounds reasonable until you realize Omni = Infinite. It's like asking if a Mathematician can make an Infinite number larger than another Mathematician's. To put it simply God can create a rock of infinite mass, so heavy that no one can lift it...and he can lift it. And btw in Christianity God didn't create the need for forgiveness, so your other complaint is a little off as well.

It is impossible to travel faster than light, and certainly not desirable, as one's hat keeps blowing off. -- Woody Allen

Working...