The time to stop considering 1024 bit as secure is now !

by Jean-Marc Desperrier

Kaspersky Lab announces the launch of Stop Gpcode, an international
initiative against the blackmailer virus
http://www.kaspersky.com/news?id=207575651

If Kaspersky has made the analysis, and breaking a 1024 bit key is
reasonably within reach of a distributed effort, that means nobody
should be using a 1024 key today for really important security.

Gulp :-(
_______________________________________________
dev-security mailing list
dev-security@...
https://lists.mozilla.org/listinfo/dev-security

Re: The time to stop considering 1024 bit as secure is now !

by Gervase Markham

Jean-Marc Desperrier wrote:
> Kaspersky Lab announces the launch of Stop Gpcode, an international
> initiative against the blackmailer virus
> http://www.kaspersky.com/news?id=207575651

That seems pointless to me. If they crack it after a few months, the
virus author will just generate a new key and release the virus again.

> If Kaspersky has made the analysis, and breaking a 1024 bit key is
> reasonably within reach of a distributed effort, that means nobody
> should be using a 1024 key today for really important security.

I would be interested in estimates of how much processor time they
consider this will need.

Gerv

Re: The time to stop considering 1024 bit as secure is now !

by Jean-Marc Desperrier

Jean-Marc Desperrier wrote:
>[...]
> If Kaspersky has made the analysis, and breaking a 1024 bit key is
> reasonably within reach of a distributed effort, that means nobody
> should be using a 1024 key today for really important security.

I might have reacted a bit too strongly on this news.
It does seem to be much less within reach of a distributed effort than I
thought this meant it was.

First, Kaspersky talked about using 15 million computers to break the
key, which is quite a bit more than even the largest existing botnets.
Second, the 660 bit key they broke before was weakened in some way, which
might be leading them into underestimating the effort required to break
a 1024 key, and even this 15 million computer estimate is challenged.

But still transitioning away from 1024 bits should get some serious
thinking and one should not rely too much on it still taking years to
become a real threat (see in this document
http://eprint.iacr.org/2007/205.pdf the reference that this recent
factorisation result was equivalent to factorising a 700-bit key).