Stories
Slash Boxes
Comments

SoylentNews is people

512-bit RSA Keys Cracked in Four Hours for only $75

posted by n1 on Wednesday October 21 2015, @07:46PM   Printer-friendly
from the what-are-you,-hourly? dept.

darkfeline writes:

Just recently, I moved my personal website to HTTPS, making sure to use a secure 2048-bit RSA key and TLS 1.2, and guarding against vulnerabilities such as POODLE and Logjam. It took some work, but not that much work, even for doing the research. Yet there are some people who just don't care.

Due to a new technique, 512-bit keys are now completely vulnerable for as little as $75.

The technique, which uses Amazon's EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service .

[...] The researchers concluded that despite widespread awareness that 512-bit keys are highly susceptible to breaking, the message still hasn't adequately sunk in with many administrators. The researchers wrote:

512-bit RSA has been known to be insecure for at least fifteen years, but common knowledge of precisely how insecure has perhaps not kept pace with modern technology. We build a system capable of factoring a 512-bit RSA key reliably in under four hours. We then measure the impact of such a system by surveying the incidence of 512-bit RSA in our modern cryptographic infrastructure, and find a long tail of too-short public keys and export-grade cipher suites still in use in the wild. These numbers illustrate the challenges of keeping an aging Internet infrastructure up to date with even decades-old advances in cryptanalysis.

The article reports finding a significant number of sites that are still using 512-bit RSA keys to protect HTTPS, DNSSEC, ssh, e-mail (SMTP, POP3, and IMAP), and other services.

Original Submission

 
This discussion has been archived. No new comments can be posted.
512-bit RSA Keys Cracked in Four Hours for only $75 | Log In/Create an Account | Top | 34 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by korger on Wednesday October 21 2015, @11:35PM

    by korger (4465) on Wednesday October 21 2015, @11:35PM (#252985)
    There are numerous telltale signs for when people interested in high security should ditch a certain key size. My favorite is the factorization status of Mersenne numbers. These have the form M(p) = 2^p - 1, where p is prime, therefore M(p) has p binary digits. Unlike the RSA challenges, these numbers are not specifically created to make factorization difficult, but cracking some of them can still be a challenge, so as a rule of thumb, you should expect that once a particularly difficult M(p) has been factorized, the factorization of a p-bit RSA key could follow soon. Examples:

    M(523) was factorized in 1992. A 512-bit RSA modulus was factored in 1999.
    M(727) was factored in 2001. A 768-bit RSA modulus was factored in 2009.
    M(1061) was factored in 2012. Though no 1024-bit RSA modulus is known to have been factored yet, this is now only a matter of time.
    Today the smallest exponent still unfactored is M(991).

    The Cunningham Project [purdue.edu] publishes regularly the state-of-the-art in integer factorization. A cursory glance over these tables reveals that 2048-bit RSA keys should be secure for quite some time, but 1024 is already weak for high security applications.