
1024-bit RSA keys in danger of compromise

By Martin O'Neal, April 23, 2002.

In recent weeks there has been concerned discussion about the key sizes employed by the RSA public key algorithm (which is used in a variety of situations, perhaps most notably to secure the key exchange used for SSL web site access).

The issue at hand is a recent mathematical development which means that the keys used to secure the data transfers are no longer as safe as they were once thought to be. Without wishing to go into vast detail, the crux lies in the theoretical difficulty of factoring large integers (which underpins the security of the RSA algorithm).

The announcement that has people talking is the publication of a paper on integer factorisation by D. J. Bernstein [1]. The improvements to the factoring process that it suggests make breaking the key sizes in current circulation achievable in reasonable periods of time (as opposed to half-lives of the universe) for the kind of platforms that a government can bring to bear.

The broad measure of the security of a cryptographic key is that the larger the key, the harder it is to break and the greater the security afforded. Prior to the recent announcement, the RSA recommendation [2] was for a minimum key length of 1024 bits for general use, and a 2048-bit key for "extremely valuable keys". Expect this recommendation to be revised in the near future, and the minimum key size to be pushed higher.

The real-world implication for the average organisation is that, if your keys are due for renewal, you should be looking for at least a 2048-bit key today.
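Acting on that advice starts with knowing how large the keys already in service are. The following is an added example, not code from the original article: it reads the modulus size out of a DER-encoded RSA public key (PKCS#1 or X.509 SubjectPublicKeyInfo) and flags anything below 2048 bits. The function names, the `MIN_BITS` constant and the sample keys are assumptions made for illustration; the samples are constructed placeholders of the right size, not real keys.

```python
MIN_BITS = 2048  # the article's minimum for keys due for renewal
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(blob):
    """Modulus bits of a DER PKCS#1 RSAPublicKey or X.509 SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(blob)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, first, nxt = read_tlv(body)
    if tag == 0x30:  # SubjectPublicKeyInfo: AlgorithmIdentifier, then BIT STRING
        if first != RSA_ALG_ID[2:]:
            raise ValueError("not an rsaEncryption key")
        tag, bits, _ = read_tlv(body, nxt)
        if tag != 0x03 or bits[:1] != b"\x00":
            raise ValueError("expected BIT STRING with no unused bits")
        return rsa_modulus_bits(bits[1:])
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(first, "big").bit_length()

def der(tag, value):  # minimal DER encoder, used only to build the samples
    n = len(value)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + head + value

def sample_key(bits, spki=False):
    """Constructed placeholder: an odd integer of the given size, not a usable key."""
    ints = [(1 << (bits - 1)) | 1, 65537]  # modulus, public exponent
    pkcs1 = der(0x30, b"".join(der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in ints))
    return der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + pkcs1)) if spki else pkcs1

def audit(keys):  # map each name to (bits, "ok" or "renew") against MIN_BITS
    sizes = {name: rsa_modulus_bits(blob) for name, blob in keys.items()}
    return {name: (b, "ok" if b >= MIN_BITS else "renew") for name, b in sizes.items()}
```

Calling `audit({"www": sample_key(1024, spki=True), "vpn": sample_key(2048)})` marks the first entry for renewal and passes the second.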

As a specific requirement for the UK, however, under the terms of the Data Protection Act, an organisation is bound to take "reasonable" measures to protect third-party data. In the coming weeks there will undoubtedly be a glut of automated tools to attack a variety of common protocols that rely on RSA public key technology. The question will be: at what point will failing to upgrade an organisation's key technology be construed as not taking "reasonable" measures?

References: