
SoylentNews is people

posted by n1 on Wednesday October 21 2015, @07:46PM
from the what-are-you,-hourly? dept.

Just recently, I moved my personal website to HTTPS, making sure to use a secure 2048-bit RSA key and TLS 1.2, and guarding against vulnerabilities such as POODLE and Logjam. It took some work, but not that much work, even for doing the research. Yet there are some people who just don't care.

Due to a new technique, 512-bit keys are now completely vulnerable for as little as $75.

The technique, which uses Amazon's EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service.

[...] The researchers concluded that despite widespread awareness that 512-bit keys are highly susceptible to breaking, the message still hasn't adequately sunk in with many administrators. The researchers wrote:

512-bit RSA has been known to be insecure for at least fifteen years, but common knowledge of precisely how insecure has perhaps not kept pace with modern technology. We build a system capable of factoring a 512-bit RSA key reliably in under four hours. We then measure the impact of such a system by surveying the incidence of 512-bit RSA in our modern cryptographic infrastructure, and find a long tail of too-short public keys and export-grade cipher suites still in use in the wild. These numbers illustrate the challenges of keeping an aging Internet infrastructure up to date with even decades-old advances in cryptanalysis.

The article reports finding a significant number of sites that are still using 512-bit RSA keys to protect HTTPS, DNSSEC, ssh, e-mail (SMTP, POP3, and IMAP), and other services.
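
A defender's check for the problem the story describes, as an added example that is not part of the original post: a standard-library Python parser that reads the modulus size from PEM public keys and flags short ones. The sample keys, host names and verdict labels are constructed for illustration; the 512 and 2048 thresholds are the sizes named in the story.

```python
import base64
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def tlv(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def sample_pem(bits):
    """Constructed placeholder: an odd integer of the right size, not a real key."""
    ints = [(1 << (bits - 1)) | 1, 65537]
    enc = [tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints]
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    der = tlv(0x30, alg + tlv(0x03, b"\x00" + tlv(0x30, b"".join(enc))))
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + b64 + "-----END PUBLIC KEY-----\n"

def read_tlv(buf, pos, want):
    """Return (body, next_pos) for the DER element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected DER structure")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem):
    """Bit length of the modulus in a PEM SubjectPublicKeyInfo RSA key."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    spki, _ = read_tlv(base64.b64decode(b64), 0, 0x30)
    alg, pos = read_tlv(spki, 0, 0x30)
    if read_tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA key")
    bitstr, _ = read_tlv(spki, pos, 0x03)
    rsa_key, _ = read_tlv(bitstr[1:], 0, 0x30)  # skip the unused-bits byte
    modulus, _ = read_tlv(rsa_key, 0, 0x02)
    return int.from_bytes(modulus, "big").bit_length()

def audit(keys):
    """Map each name to (modulus bits, verdict) using the story's two sizes."""
    def verdict(bits):
        return "factorable" if bits <= 512 else "ok" if bits >= 2048 else "too short"
    sizes = {name: rsa_modulus_bits(pem) for name, pem in keys.items()}
    return {name: (bits, verdict(bits)) for name, bits in sizes.items()}

SAMPLES = {f"host-{b}": sample_pem(b) for b in (512, 1024, 2048)}  # constructed
```

Calling `audit(SAMPLES)` returns one `(bits, verdict)` pair per constructed host; keys exported from real services in the same PEM form can be passed in the same way.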


  • (Score: 2) by VLM on Wednesday October 21 2015, @08:34PM

    by VLM (445) on Wednesday October 21 2015, @08:34PM (#252911)

    but as new GPUs and CPUs come out, it too will fall

    No, cracking a 512 in four hours doesn't mathematically mean you can crack a 1024 in eight hours.

    It's more like you can crack a 513 bit number in eight hours.

    So if you run the math, going from 512 to 4096 is a factor of 2 to the power of 3584. If you assume the old engineering estimate of about 3 bits per decimal digit, that's a thousand digit number. No, not a factor of a thousand, a factor of a thousand digit number like 10e1000.

    Even going from 512 to 1024 that factor is a roughly 150 digit number. That's going to take a while to scale.

    Moore's law etc. had a real easy time of it the past couple decades going from transistor masks you could see with a magnifying glass down to a couple nm. And endless cheap available energy. Those days are done, technological advancement is over.

  • (Score: 0) by Anonymous Coward on Wednesday October 21 2015, @10:13PM

    by Anonymous Coward on Wednesday October 21 2015, @10:13PM (#252947)

    Those days are done, technological advancement is over.

    That's quite the claim, there. Just because Moore's law isn't really true anymore for our specific technology, that doesn't mean all technological advancement is over.

  • (Score: 2) by Hyperturtle on Wednesday October 21 2015, @10:18PM

    by Hyperturtle (2824) on Wednesday October 21 2015, @10:18PM (#252952)

    Oh, I know that, you add 1 bit and exponentially increase the space. I tell lay people it is like calculating the amount of Heinz varieties.

    No, there are not really 57 different types of ketchup, but if we pretended, there are really 57 to the 57th power, because you can have 1/57th of this flavor and that flavor, or 3/57ths of that flavor and 5 of this one, or 57 of the same to make one solid flavor and... this is something people understand. That is like binary for laypeople; saying that I have added more bits doesn't always make sense to people.

    So, I fully agree that taking 512 to 1024 isn't doubling it; if we looked at just 512 and added one bit, we have 513 bits, and that adds 513 permutations for possible combinations possible for brute forcing, since that new bit can then match all values of 0 to 512 and add one to it, leading to 513 new values just from adding a single bit. That's more than doubling it, and we only just considered a single bit! There are 511 more to add permutations of. Much much harder to do than simply having twice the PCs going at it, but that'd sure help. Strong passwords are still useful in any event...

    My point is that it too will fall--not in a linear fashion, but because projects like distributed.net, motivated players, etc all exist to defeat this all via brute force.

    It may not be a concern now, but it too will fall is just my saying that the pope denounces violence, water is wet... some type of encryption was found to be crackable via brute force.

    I do not have a chart handy, but if you look at the presumed crack rates for various encryption types, they show things in so many seconds, minutes, hours, days, years, centuries, etc, and who can be reasonably expected to do it.

    Up until recently, no one ever thought to pretend CPU power got better, they just presumed it was the same hardware going at it.

    So, not only can we not assume that it will take 4x as long to crack 64 bit instead of 32 bit, but we can't even use a constant value for the strength/speed of the hardware doing this attack. It will change, just like those people that mine bitcoins. New hardware will come out and do it all faster.

    But please don't think I had some timeline in mind. I wanted to make clear that it is silly to say 512 is broken and the solution is to upgrade to the next lowest value generally available. I really thought no one was actually using 512 and if they were, that certificate is probably due to expire. And that the upgrade drum will always get beaten for this, because the dominos will always manage to eventually fall, either via a sweeping gesture, or through the crumbling via the resources of time. If you are going to upgrade, please upgrade to something greater than the next rung up. That's the most I can ask for!

    • (Score: 2) by fnj on Thursday October 22 2015, @12:29AM

      by fnj (1654) on Thursday October 22 2015, @12:29AM (#253009)

      There is a point where brute-forcing becomes impossible for all time. That occurs when the smallest-power theoretically possible operation (per quantum physics), times the number of operations necessary to brute-force within time t, exceeds the energy content of the universe.

      Time t? It doesn't matter much what you choose. One human lifetime would satisfy a lot of us. Ten lifetimes, a lot more. A thousand lifetimes, anyone with any sense (if technological-level humanity lasts more than 100-1000 more years, I will eat my hat from the grave - just put a little thought into what geometric growth means).

      Whatever value of t you settle on determines how many bits you need.

      • (Score: 2) by Kromagv0 on Thursday October 22 2015, @11:59AM

        by Kromagv0 (1825) on Thursday October 22 2015, @11:59AM (#253177) Homepage

        For symmetric key encryption that point is somewhere around 270 bits using classical computers or about 540 bits using quantum computers. Beyond that it requires more energy than would be available if the entire visible universe was converted to energy. Also that is just the energy to cycle a counter of the appropriate size through all states with no energy used for doing actual decryption. For asymmetric key encryption that uses prime factorization for its keys quantum computing breaks it, but lattice-based [wikipedia.org] cryptography so far seems to be immune to quantum attacks.

        --
        T-Shirts and bumper stickers [zazzle.com] to offend someone
    • (Score: 2) by SecurityGuy on Thursday October 22 2015, @06:57PM

      by SecurityGuy (1453) on Thursday October 22 2015, @06:57PM (#253332)

      So, I fully agree that taking 512 to 1024 isn't doubling it; if we looked at just 512 and added one bit, we have 513 bits, and that adds 513 permutations for possible combinations possible for brute forcing, since that new bit can then match all values of 0 to 512 and add one to it, leading to 513 new values just from adding a single bit. That's more than doubling it, and we only just considered a single bit! There are 511 more to add permutations of. Much much harder to do than simply having twice the PCs going at it, but that'd sure help.

      Adding a bit precisely doubles the number of possible values. A 1 bit key can be 0 or 1 (2 values), a 2 bit key can be 00, 01, 10, or 11 (4), and so on. 2 to the n possible values for an n bit key. A 512 bit key space has exactly half as many keys as a 513 bit key space IF all possible values are valid keys.

      That's an important IF, by the way, as most n-bit values are not valid RSA keys. If they were, then you couldn't brute force even a 400 bit key in the length of time the universe has existed even if every atom in the universe could test a trillion a second.
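
The scaling question debated in this thread, worked as an added example that is not part of any comment: it compares brute-force key-space growth with the standard heuristic cost of the general number field sieve (GNFS), the best known classical factoring algorithm. The function names are illustrative, and the estimate drops the o(1) term, so it gives orders of magnitude only.

```python
import math

def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS cost L_n[1/3, (64/9)^(1/3)], o(1) term dropped."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def relative_cost(modulus_bits, baseline_bits=512):
    """Estimated factoring cost as a multiple of the baseline size's cost."""
    return 2 ** (gnfs_work_bits(modulus_bits) - gnfs_work_bits(baseline_bits))

def bits_to_double_work(start_bits):
    """Smallest modulus size whose estimated GNFS cost is twice that of start_bits."""
    target = gnfs_work_bits(start_bits) + 1.0
    size = start_bits
    while gnfs_work_bits(size) < target:
        size += 1
    return size

def comparison(sizes=(512, 768, 1024, 2048, 4096), baseline_bits=512):
    """Rows of (size, log2 brute-force growth, log2 GNFS growth) versus the baseline."""
    base = gnfs_work_bits(baseline_bits)
    return [(bits, bits - baseline_bits, round(gnfs_work_bits(bits) - base, 1))
            for bits in sizes]

if __name__ == "__main__":
    print("modulus  brute-force x2^  GNFS x2^")
    for bits, brute, gnfs in comparison():
        print(f"{bits:7d}  {brute:15d}  {gnfs:8.1f}")
    print("GNFS cost doubles from 512 bits at about",
          bits_to_double_work(512), "bits")
```

Under this estimate, doubling the factoring work from 512 bits takes on the order of 18 more modulus bits rather than one, and 1024 bits costs millions of times more than 512 rather than 2 to the power of 512 times more.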