Just recently, I moved my personal website to HTTPS, making sure to use a secure 2048-bit RSA key and TLS 1.2, and guarding against vulnerabilities such as POODLE and Logjam. It took some work, but not that much work, even for doing the research. Yet there are some people who just don't care.
Due to a new technique, 512-bit keys are now completely vulnerable for as little as $75.
The technique, which uses Amazon's EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service .
[...] The researchers concluded that despite widespread awareness that 512-bit keys are highly susceptible to breaking, the message still hasn't adequately sunk in with many administrators. The researchers wrote:
512-bit RSA has been known to be insecure for at least fifteen years, but common knowledge of precisely how insecure has perhaps not kept pace with modern technology. We build a system capable of factoring a 512-bit RSA key reliably in under four hours. We then measure the impact of such a system by surveying the incidence of 512-bit RSA in our modern cryptographic infrastructure, and find a long tail of too-short public keys and export-grade cipher suites still in use in the wild. These numbers illustrate the challenges of keeping an aging Internet infrastructure up to date with even decades-old advances in cryptanalysis.
The article reports finding a significant number of sites that are still using 512-bit RSA keys to protect HTTPS, DNSSEC, ssh, e-mail (SMTP, POP3, and IMAP), and other services.
(Score: 2) by SecurityGuy on Thursday October 22 2015, @06:57PM
Adding a bit precisely doubles the number of possible values. A 1 bit key can be 0 or 1 (2 values), a 2 bit key can be 00, 01, 10, or 11 (4), and so on. 2 to the n possible values for an n bit key. A 512 bit key space has exactly half as many keys as a 513 bit key space IF all possible value are valid keys.
That's an important IF, by the way, as most n-bit values are not valid RSA keys. If they were, then you couldn't brute force even a 400 bit key in the length of time the universe has existed even if every atom in the universe could test a trillion a second.