Comment From the Bible (Score 3) 173
This is not so unexpected, given current computing power.
In Schneier's "Advanced Cryptography" he makes estimates on the amount of computer power needed to factor various size numbers. The estimatetd that using the General Number Field Sieve, it would take 30,000 mips-years to do the factoring of a 512 bit number (it took 6,000 mips-years). He also postulated that the NSA might have a much more efficient algorithm (that works at the same speed as the more specialized Special Number Field Sieve) that would do the job in under 200 hours. The number here, 6,000 mips years is in between these numbers, and completely expected. Anyone risking hundreds of millions of dollars on security the can be broken for less than that (i.e. 512 bit keys) deserves to lose their money.
What is safe? For comparison, the General Sieve would take
2*10^8 mips-years to factor a 768 bit number
and
3*10^11 mips-years to factor a 1024 bit number
IF a way to run this as fast as a special sieve is discovered these numbers become
100,000 mips-years
and
3*10^7 mips-years respectively.
Dedicated hardware sieves _could possibly_ do these today.
This result doesn't change the basic conclusion that 1024 bits is, for individuals, safe for the near future. For governments and banks etc. public keys of at least 2048 bits should be used.
It all depeds on how valuable your information is, how important performance is, and how long you want your data to be safe for.
Schneier also makes the useful remark that all predictions of the future are bunkum and shouldn't be trusted.
In Schneier's "Advanced Cryptography" he makes estimates on the amount of computer power needed to factor various size numbers. The estimatetd that using the General Number Field Sieve, it would take 30,000 mips-years to do the factoring of a 512 bit number (it took 6,000 mips-years). He also postulated that the NSA might have a much more efficient algorithm (that works at the same speed as the more specialized Special Number Field Sieve) that would do the job in under 200 hours. The number here, 6,000 mips years is in between these numbers, and completely expected. Anyone risking hundreds of millions of dollars on security the can be broken for less than that (i.e. 512 bit keys) deserves to lose their money.
What is safe? For comparison, the General Sieve would take
2*10^8 mips-years to factor a 768 bit number
and
3*10^11 mips-years to factor a 1024 bit number
IF a way to run this as fast as a special sieve is discovered these numbers become
100,000 mips-years
and
3*10^7 mips-years respectively.
Dedicated hardware sieves _could possibly_ do these today.
This result doesn't change the basic conclusion that 1024 bits is, for individuals, safe for the near future. For governments and banks etc. public keys of at least 2048 bits should be used.
It all depeds on how valuable your information is, how important performance is, and how long you want your data to be safe for.
Schneier also makes the useful remark that all predictions of the future are bunkum and shouldn't be trusted.
