768-bit RSA (Security Token) Cracked, 1024-bit is Still Safe for the Moment

[6souls]

It appears the RSA encryption scheme has fallen as cryptographers have http://eprint.iacr.org/2010/006.pdf [PDF] 768-bit keys via the widely used public-key algorithm.

An international team of mathematicians, computer scientists and cryptographers broke the key though NFS, or number field sieve, which allowed them to deduce two prime numbers that when multiplied together generated a number with 768 bits.

The discovery, which took about two-and-a-half years and hundreds of general-purpose computers, means 768-bit RSA keys can no longer be counted on to encrypt or authenticate sensitive communications.

To quote: "The latest milestone to fall is 768-bit RSA; in a paper posted on a cryptography preprint server, academic researchers have now announced that they factored one of these keys in early December.

Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it's relatively easy to encrypt and decrypt data; if you don't, finding the numbers by brute force is a big computational challenge.

The paper describes how the process was done with commodity hardware, albeit lots of it."

http://www.ps3news.com/images/img_18948.jpg

http://www.ps3news.com/forums/pc-tec...nt-109362.html
http://arstechnica.com

[Ruiner]

TL;DR version for the laymen?

[Ramor]

TL;DR version for the laymen?

768-bit RSA (Security Token) Cracked, 1024-bit is Still Safe for the Moment

^

[Skjie]

http://imgs.xkcd.com/comics/security.png

Real question is if this means anything for the SecurID tokens.

Edit: nope. Cool beans breaking a single code in 2 years, bro.

[Sonomaa]

Real question is if this means anything for the SecurID tokens.
Edit: nope. Cool beans breaking a single code in 2 years, bro.

all codes simply take time, nothing will ever be secure, hopefully secure ID tokens will stay good for a while but even Im not sure what they are tbh

[Skjie]

all codes simply take time, nothing will ever be secure, hopefully secure ID tokens will stay good for a while but even Im not sure what they are tbh

Sure, but saying that 1024bit is insecure because you could crack 768bit in 2 years of solid effort is a bit much. Especially after noting that the effort required is 1000x as much.

Interwebs say SecurID tokens are 128bit, but registering for the RSA website's info is more effort than I care to put in.

[Celeste]

Where there is a will, there is a way, am I right?

[Skjie]

Where there is grant money, there is a way, am I right?

Yes.

[Maguspk]

2 years to break that bit length key is a 'cool story'. Considering it should take (by brute force, given a very powerful computer) upwards of longer than the universe has been in existence. Let that sink in.

[Blarg]

I'd like to see the computers first try at cracking it just happen to work.