News Researchers crack 768-bit RSA

The RSA key length that is brute forceable has so far doubled roughly every 10 years (512 bit was broken in 1999 iirc). If that keeps up a 4096 bit key might be looking a bit dodgy by 2030, but a 8192 bit will probably still be strong.

 

So why does the SSL protocol allow brute forcing? Why can't they limit entry attempts to, say, 3 per hour?

 

@javerh

their running it against the data. capture a few encrypted packets and crack the key with those, now you have that persons key.

at least that is the way i understand it, i could be wrong, admittedly i only skimmed the paper.

 

F--k 1024, go straight to 18446744073709551616. 18446744073709551616-bit key should be quite tough.

 

It will be very tough. Especially on anybody trying to use SSL on their EEE . It will probably take the poor thing the rest of its life to handle a single request.

 

Arguably; it's all about picking your target I guess. A day hacking Warren Buffet's passwords is better than cracking mine in 10 mins, for sure.

 

Faster computers = More encryption required?

OMG The shock of it!!!

 

Go go Quantum Encryption algorithms

 

honestly, no level of encryption will be unbreakabe, all this talk about 1,000 year algorythms and stuff is bogus. there is no real way to approximate to processing power of an 'average' computer when you are talking about hackers trying to decrypt encoded information. anyone who is doing that sort of thing will not have an 'average' computer. you can get over half a TeraF.L.O.P. from a single PS3 sell processor when properly formatted, GPGPU's have enormous potential, AMD made the "teraflop-in-a-box" years ago. nowadays it is fully possible to get your hands on super-computer level processing power on a private buget, botnets, PS3's, quad-core CPU's, multi-GPU GPGPU arrangements, it's all accesable to those who know what their doing.

 

You have to take the whole 'it will take X amount of years to break' statements with a grain of salt.

It is assuming that the most basic forms of brute force algorithms would be used.

Just like in this new method, even though it required a component of brute force to obtain the solution, the main work effort was in the initial maths / technical research.

Therefore, even when the researchers here state that 1024-bit is currently safe, that is only in the case of using THEIR procedure. It does not mean that another research team couldn't develop a more efficient algorithm in the near future that could be a threat to 1024 or even 2048-bit encryption.

I think the main item of information to take away from the article is that brute force isn't just one method. If this team has created a 'more efficient' brute force procedure, it indicates that the basis of this whole type of encryption could be at risk.

SouperAndy

 

The whole discussion is rather stupid, actually. Why not just encrypt everything in pig latin and get over with it once and for all? ¬¬

 

lol ah that's a good one