The strength of the encryption used now to protect banking and
e-commerce transactions on many Web sites may not be effective in as few
as five years, a cryptography expert has warned after a new distributing
key-cracking achievement.
Arjen Lenstra, a cryptology professor at the Ecole Polytechnique
Fédérale de Lausanne (EPFL) in Switzerland, said the distributed
computation project, conducted over 11 months, achieved the equivalent
in difficulty of cracking a 700-bit RSA encryption key, so it doesn't
mean transactions are at risk - yet.
But "it is good advanced warning" of the coming dusk of 1024-bit RSA
encryption, widely used now for Internet commerce, as computers and
mathematical techniques become more powerful, Lenstra said.
The RSA encryption algorithm uses a system of public and private keys to
encrypt and decrypt messages. The public key is calculated by
multiplying two very large prime numbers. By identifying the two prime
numbers used to create someone's public key, it's possible to calculate
that person's private key and decrypt messages. But determining the
prime numbers that make up a huge integer is nearly impossible without
lots of computers and lots of time.
Computer science researchers, however, have plenty of both.
Using between 300 and 400 off-the-shelf laptop and desktop computers at
EPFL, the University of Bonn and Nippon Telegraph and Telephone Corp. in
Japan, researchers factored a 307-digit number into two prime numbers.
Lenstra said they carefully selected a 307-digit number whose properties
would make it easier to factor than other large numbers: that number was
2 to the 1039th power minus 1.
Still, the calculations took 11 months, with the computers using special
mathematical formulas created by researchers to calculate the prime
numbers, Lenstra said.
Even with all that work, the researchers would only be able to read a
message encrypted with a key made from the 307-digit number they
factored. But systems using the RSA encryption algorithm assign
different keys to each user, and to break those keys, the process of
calculating prime numbers would have to be repeated.
The ability to calculate the prime number components of the current RSA
1024-bit public keys remains five to 10 years away, Lenstra said. Those
numbers are typically generated by multiplying two prime numbers with
around 150 digits each and are harder to factor than Lenstra's 307-digit
number.
The next target for Lenstra is factoring RSA 768-bit and eventually
1024-bit numbers. But even before those milestones are met, Web sites
should be looking toward stronger encryption than RSA 1024-bit.
"It is about time to change," Lenstra said.
Source:
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=8940
--
Customized News: http://news.spotback.com
|
