NationStates Jolt Archive


Can the Three Letter Agency Crack Your Code?

Remote Observer
07-08-2007, 20:49
http://www.mail-archive.com/cryptography@wasabisystems.com/msg01830.html

Was just talking with Upward about this in another thread, so I'm putting it here so as not to hijack...

The link is 2002, so it's a bit old.

The paper is here http://cr.yp.to/papers/nfscircuit.pdf

Thought Upward might be interested. So, do you think this means that RSA might be crackable even at 1024 bits?

Do you think it's possible the government has implemented something like this in silicon? If so, does that mean that they can read RSA messages?
Remote Observer
07-08-2007, 20:56
Since you won't believe it if I post a link to a government source on how much the NSA does, here's a link for you

http://www.aclu.org/safefree/nsaspying/23989res20060131.html

So they are combing for data.

The question is - can they crack a code? I know they can force you to hand over the keys (if you still have them).
The Infinite Dunes
07-08-2007, 21:14
Huh? What I seem to understand from that is that the security is breached because the key is a function of its bit-length.

I'm kinda thinking... duh? For a computer there is no such thing as a random number. So long as you know how that number is generated then you can narrow down the number of keys that may have been used.

It's like how your bank tells you to change your PIN for your credit/debit card once you have received it, as it is a function of your account number.
UpwardThrust
07-08-2007, 21:23
Huh? What I seem to understand from that is that the security is breached because the key is a function of its bit-length.

I'm kinda thinking... duh? For a computer there is no such thing as a random number. So long as you know how that number is generated then you can narrow down the number of keys that may have been used.

It's like how your bank tells you to change your PIN for your credit/debit card once you have received it, as it is a function of your account number.

Good point that randomness in key generation is a problem, but there are ways and policies around it ... namely key rotation (depending on the algorithm)

There is no easy way to know key generation, and if the key is used a minimal time or the method is changed for generation on a pre-set plan, it makes it even statistically harder to get any sort of data on it. Things like changing up seed generators are also helpful.
UpwardThrust
07-08-2007, 21:29
http://www.mail-archive.com/cryptography@wasabisystems.com/msg01830.html

Was just talking with Upward about this in another thread, so I'm putting it here so as not to hijack...

The link is 2002, so it's a bit old.

The paper is here http://cr.yp.to/papers/nfscircuit.pdf

Thought Upward might be interested. So, do you think this means that RSA might be crackable even at 1024 bits?

Do you think it's possible the government has implemented something like this in silicon? If so, does that mean that they can read RSA messages?

It's possible ... I mean theoretically all of them can be cracked, but the computation power grows like crazy with key length (and very little additive with key generation)

Some of the methods you posted were elegant (I am a fan of the sieve method myself) though their usefulness was pretty outdated
The Infinite Dunes
07-08-2007, 21:45
Good point that randomness in key generation is a problem, but there are ways and policies around it ... namely key rotation (depending on the algorithm)

There is no easy way to know key generation, and if the key is used a minimal time or the method is changed for generation on a pre-set plan, it makes it even statistically harder to get any sort of data on it. Things like changing up seed generators are also helpful.

Then why were the cryptographers in the link panicking so much?

Anyway, I had a compsci friend tell me once that the object of cryptography is not to keep data secure indefinitely, but until it is no longer of use. So say you were encrypting PayPal accounts, you would only need to keep the data secure for approximately 100 years plus allowance for technological advances.
UNIverseVERSE
07-08-2007, 22:05
Then why were the cryptographers in the link panicking so much?

Anyway, I had a compsci friend tell me once that the object of cryptography is not to keep data secure indefinitely, but until it is no longer of use. So say you were encrypting PayPal accounts, you would only need to keep the data secure for approximately 100 years plus allowance for technological advances.

From reading, because they had presumed it was harder than it is. I haven't read the referenced paper, although I will, but it seems to imply that it's three times easier than people had been expecting.

Ah well, just ramp up your key sizes.
UpwardThrust
07-08-2007, 22:08
Then why were the cryptographers in the link panicking so much?

Anyway, I had a compsci friend tell me once that the object of cryptography is not to keep data secure indefinitely, but until it is no longer of use. So say you were encrypting PayPal accounts, you would only need to keep the data secure for approximately 100 years plus allowance for technological advances.

Because they are always panicking so much lol

Anyways
Absolutely correct as far as encryption length ... the trick is to make it secure long enough to do what the data needs to do and no longer. This minimizes resources spent on your part and maximizes money spent on theirs.

Example: cracking a hash on a password ... great, now in most cases it's down to about 200+ days to crack the hash on your password in the best of cases, but what good is it for them if you have a 90-day password cycle (which, by the way, is one of the common reasons for keeping password change policies in place)?
South Lorenya
07-08-2007, 22:21
Hmm... I have an idea for nonstandard cryptography, but then again, I don't encrypt stuff...
Splintered Yootopia
08-08-2007, 00:08
Erm, possibly, yeah.