macarro wrote:
> The ability to calculate the prime number components of the current RSA
> 1024-bit public keys remains five to 10 years away, Lenstra said. Those
> numbers are typically generated by multiplying two prime numbers with
> around 150 digits each and are harder to factor than Lenstra's 307-digit
> number.
>
> The next target for Lenstra is factoring RSA 768-bit and eventually
> 1024-bit numbers. But even before those milestones are met, Web sites
> should be looking toward stronger encryption than RSA 1024-bit.
>
> "It is about time to change," Lenstra said.
Not everyone agrees with Arjen. Me, in particular.
RSA-768 is indeed the next target.
It will be about 150 times harder to break than
was 2^1039-1 and will require about 12 times the memory.
Doing a 1024-bit RSA key will be about 200,000 times as hard. This
is
a bit more than 2^17. I do not see our computer capabilities doubling
17
times within the next 5-10 years. Even if one allows (say) 3 or 4
doublings
by applying a larger effort than was used for 2^1039-1, I don't see
13 doublings
happening in the next 5-10 years. Note also that doing a 1024-bit key
will require
64-bit machines with 64-bit addressing. Such machines are scarce,
even today.
|
