[dnssec-deployment] Key sizes data point: RSA-640challenge factored

Wed Nov 9 15:24:32 EST 2005

>  At 12:45 -0500 11/9/05, Ã“lafur GuÃ°mundsson wrote:
>  >The German equivalent of NSA factored this number.
>  >The team purportedly used 80 Opteron CPUs and 5 months.
>  >http://mathworld.wolfram.com/news/2005-11-08/rsa-640/

>  As a person that barely understands crypto - so 
>  what (does this mean for DNSSEC deployment)?  Do 
>  we need to drop RSA altogether?  Does RSA-640 
>  mean 640 bit keys (are no good)?

Yeah, I'd say they are no good, or at least they'd only be good if
used for an hour.  The team factored a 192 digit number for the cost of
80 cpus and five months.  A gang of 10K similar machines might do this
in one day.

RSA itself is just fine, if you use a large enough modulus.  The
German team has been mowing down RSA moduli with great regularity and
surprisingly little CPU effort, so "large enough" is becoming pretty
darn large.

I'd recommend 1536 bits for 30 day keys and 2048 for multi-year keys.
Many people feel that's cutting it too close, but I think that this
will be good enough as long as silicon-based computing survives.

Hilarie