Friday, February 19, 2010

Crypto Cracking: RSA 768 Factored

When I cover cryptography for security professionals, I always discuss bad choices in cryptographic solutions: designing your own cryptosystem, choosing a bad mode, and of course, too short of a key length. The good news is that scientists continue to pursue key cracks, providing great fodder for my teaching efforts.

The key length question in particular is interesting, as we continue to see higher and higher key lengths broken in widely used cryptosystems. The most recent hurdle to fall is RSA 768, which was cracked using a number field sieve by an international team. The good news for those who have critical secrets encrypted with 768-bit keys is that this was a multi-year effort - we're not to the point where we can do commodity cracking of RSA keys of that length yet.

Interestingly, the techniques used significantly decrease the effort required to derive the key - the Register article describes a "thousands" of times more difficult effort than the significantly greater effort that the key size alone would indicate. This makes teaching students about key length trickier - but it also means that explaining why key length alone is not the only factor to consider is important.
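To put numbers on the gap between key size and factoring effort, the following added example (not part of the original post) compares how work grows with modulus size under the standard heuristic running-time estimate for the general number field sieve and under naive trial division. The function names and the 1024-bit comparison size are assumptions chosen for illustration, and the o(1) term of the estimate is dropped, so only the ratios are meaningful.

```python
import math

# Heuristic GNFS cost for factoring n:
#   L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),  c = (64/9)^(1/3)
# The o(1) term is dropped, so absolute figures are rough estimates.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_log2_work(modulus_bits):
    """log2 of the estimated GNFS work for a modulus of this many bits."""
    ln_n = modulus_bits * math.log(2)
    exponent = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def trial_division_log2_work(modulus_bits):
    """log2 of the work to try every candidate factor up to sqrt(n)."""
    return modulus_bits / 2


def relative_effort_log2(cost, from_bits, to_bits):
    """log2 of how much harder to_bits is than from_bits under a cost model."""
    return cost(to_bits) - cost(from_bits)


def comparison_table(baseline_bits=768, sizes=(512, 768, 1024, 2048)):
    """Rows of (bits, log2 GNFS factor, log2 trial-division factor)."""
    return [
        (
            bits,
            relative_effort_log2(gnfs_log2_work, baseline_bits, bits),
            relative_effort_log2(trial_division_log2_work, baseline_bits, bits),
        )
        for bits in sizes
    ]


if __name__ == "__main__":
    print("bits   vs 768 (GNFS)      vs 768 (trial division)")
    for bits, gnfs, naive in comparison_table():
        print(f"{bits:5d}  2^{gnfs:6.1f} (~{2 ** gnfs:,.0f}x)  2^{naive:6.1f}")
```

Under this estimate, going from 768 to 1024 bits multiplies the sieving effort by roughly a thousand, while the same 256 extra bits would multiply trial-division effort by 2^128.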
