What is Digg?Sponsored by Travelzoo
All-time Low Fares for Thanksgiving, Christmas & New Year view!
travelzoo.com - Flights $52 and up. Nifty all-airline calendar identifies absolute cheapest dates to fly.
55 Comments
- NaughtyRobot, on 10/11/2007, -0/+32I'd assume that government can already crack 1024 RSA encryption - very rarely does public research outpace that done in secret by our government in areas of defense/encryption. Their accomplishment, while cool, is still a far cry from being practical in real world use; this really is the point of most encryption anyways - make it difficult enough to crack that by the time it is accomplished the data it was protecting is no longer valid/useful/etc. All the work they did would take a normal individual a long, long, long time - just to possibly get one credit card number? Criminals can phish for CC numbers with a lot less effort.
- trghpy, on 10/11/2007, -0/+15@ggidster
You can use what ever size key you want.
Just remember that the larger it is the longer it will take to encode/decode. - ween101, on 10/11/2007, -2/+17Good thing I always use the password "admin" and "123456" so I don't have to worry about things like this
- Crazychipmunk, on 10/11/2007, -1/+15Crap. This one is gonna suck to type.
- inactive, on 10/11/2007, -0/+11"very rarely does public research outpace that done in secret by our government in areas of defense/encryption."
I certainly don't have access to the secret stuff, so I'm just speculating here, but I tend to believe it is quite the opposite. The 3-letters-agencies geniuses get tired of deprecated "government issue" junk and they switch to a more challenging career into the private sector for a reason. I think the government keep its encryption secret only to prevent being outsmarted too early, not necessarily because the government is 10 years ahead on technology.
(as in, public encryption more mature and not as much at stake from peering eyes.)
At least I get this feeling by reading old declassified NSA documents, you realize their secret stuffs was not that much hotter than the public technology at the time, and they borrowed a lot of ideas from public researches of that era. - xtmno3, on 10/11/2007, -1/+12Although you hit the nail on the head with the point of security measures in general (make things hard, but not impossible) I think I should clarify part of what seems to be the purpose of this article.
This article serves as a milestone for people to note and adjust to. It is important in technology related fields to keep up on news such as this because it changes what is valid to do in practice and what isn't. In the future, as computers get faster, and algorithms get more refined etc, we will see the need to implement 2048, 4096, or higher forms of these encryptions. That is, if we don't come up with better encryption techniques by then.
This article does not really cover anything crazy or drastically new, it just marks a milestone, which is still cool IMO.
As for the CC number comment, people will always be the weakest link in any serious security system. - NaughtyRobot, on 10/11/2007, -2/+11They already have - its been around for a long time.
- Neiby, on 10/11/2007, -1/+9I have a friend who has done work for the NSA. He said that you simply wouldn't believe how fast they can decrypt stuff. He paraphrased someone else when he told me not to underestimate an organization that measures its computing power in acres.
- Wyzard, on 10/11/2007, -0/+7@angelbunny: I've seen 2048-bit RSA get decrypted too -- by the recipient of the message, who possessed the necessary private key.
Do you mean you've seen 2048-bit RSA *cracked*, by an attacker who doesn't already have the decryption key? If so, you should cite your sources. The world's cryptographic community would find your claim difficult to believe. - kefler, on 10/11/2007, -0/+6ggidster -- you can always up the encryption key length, but this has big implications for all the data out there that is encrypted this way..
Emails, tape backups, harddrives, and captures of internet data streams can be saved and later decoded when systems are fast enough to break the encryption. - diggapleaze, on 10/11/2007, -2/+8"very rarely does public research outpace that done in secret by our government in areas of defense/encryption."
erm...and how do you know that? - Phantom784, on 10/11/2007, -0/+5That's amazing! I have the same combination on my luggage!
- kazersoza, on 10/11/2007, -0/+5Yea.... but will it fit on a t-shirt?
- Wyzard, on 10/11/2007, -0/+4"I am pretty sure NSA can break 2048bit key without problems."
Thinking defensively, it makes sense to assume that they probably can. But unless the NSA is actually your adversary, it doesn't really matter.
Yes, the Allies cracked Enigma during WWII, but they had to be very careful not to let the Germans know they'd cracked it, or the Germans would switch to something else. This meant that they couldn't always act on the intelligence they received, and had to actually sacrifice some ships to surprise attacks they knew were coming -- evading the attacks would've been a clue to the German attackers that their messages had been intercepted. The secret was more important than the ships.
Likewise, even if the NSA can crack RSA, you'd have to be sending some mighty sensitive messages for them to risk revealing that they can read them. If it's something like your personal email, even if they read it, there's no way they're ever going to tell anyone what it said. - scarebear, on 10/11/2007, -1/+5from what i understand, the NSA is the worlds largest employer of mathematicians, so probably very true
- abaddono1, on 10/11/2007, -1/+5increase key size to 2048-bit, and we'll be fine for a few more years until elliptic curve cryptography comes into the mainstream
- catalysis, on 10/11/2007, -0/+4I believe the NSA has approved 256-bit AES for encryption of "top secret" information and 128-bit for secret info.
The government is not 10-years ahead of technology, because most research is still performed in public institutions. They may have lots of computers but nothing that isn't in the research journals. - Daisuke, on 10/11/2007, -0/+3@r00tus3r (#6852693)
FYI, RSA is not a hashing algorithm.
the more you know... - Metasquares, on 10/11/2007, -0/+3@angelbunny:
That person should publish his or her method, then, because it would constitute a major advance in cryptanalysis. - xtmno3, on 10/11/2007, -0/+3Love
Sex
Secret
God
Hack the planet! - inactive, on 10/11/2007, -0/+3Many people are moving over to Ellyptic Curve Cryptography anyway http://www.answers.com/topic/elliptic-curve-cryptography as managing even 1k keys is increasingly a burdon - ECC is around 16 times as fast for the same key size
- Rhino2, on 10/11/2007, -0/+3"This probably means someone is about to release a 2048 bit key encryption system..."
welcome to 1973! - Wyzard, on 10/11/2007, -0/+3In case you didn't mean that entirely as a joke: this is completely unrelated. The AACS processing key is not an RSA key nor even an asymmetric key in general, and it was recovered not by a cryptographic attack, but by extracting it from a piece of playback software which contained it.
- AngelBunny, on 10/11/2007, -0/+3the max i've ever used is 4096. The problem with it is at the time it took like 6 mins I think it was to issue a connection to another user to talk since it took that long for one key to be processed. I think at the time I was on a 667 p3 though. It has been a while.
- Wyzard, on 10/11/2007, -0/+3@catalysis:
"I believe the NSA has approved 256-bit AES for encryption of "top secret" information and 128-bit for secret info."
AES is a symmetric cipher, and symmetric key lengths are unrelated to those of public-key ciphers such as RSA. This news pertains to RSA, and the field of public-key cryptography in general. - Metasquares, on 10/11/2007, -0/+2(As I said before, but Digg didn't take the comment...)
You joke, but there is a large effort called the Great Internet Mersenne Prime Search (GIMPS) dedicated to factoring exactly these sorts of numbers (for the purpose of discovering new Mersenne primes).
Discover a new Mersenne prime and get an even perfect number free! :) - H0ns, on 10/11/2007, -0/+2"It's time to move to a longer key length"
- Heembo, on 10/11/2007, -0/+2Your best defense for web security is a great password that includes numbers, non alphanumeric characters, and a passphrase.
like:
123[]iAmAHackingGodSoStayAwayFromMyDate - asspants, on 10/11/2007, -3/+5A lot of people have this same conspiracy theory that the united states government has these crazy supercomputers that have way more power than what mainstream consumers and corporations could ever hope to obtain.
PROTIP: they don't. - bootle, on 10/11/2007, -0/+2It's 313 digits, not that it really makes a difference
- inactive, on 10/11/2007, -0/+1@asspants
Considering that the US has the most powerful supercomputer in the world (by a long shot) and tons of other smaller but supremely powerful super computers, it is quite easy for them to find a few hundred years of computing laying around here and there for cracking keys or creating rainbow tables. After all, you only have to crack the keys once and store them in a database for instant decryption. The 300 CPU years would take the government's largest computer roughly 1 day to crack the number used in this experiment.
http://top500.org - unique172, on 12/10/2008, -0/+1Just made one today, actually...though it takes a long time to find keys over about 1000 digits.
- KitchenRaider, on 10/11/2007, -0/+112345 works just fine for me!
- AngelBunny, on 10/11/2007, -0/+1lol i thought it was fcc for a second
if it is 16 times faster then it is 16 times quicker to bruit force. Something doesn't add up.
Maybe it is 1/16th the size for the equivalent encryption? That means 16x faster for data but x16 slower for computers.
Regardless, decrypting this can be done using the exact same method that can be done on rsa. There is nothing special at all about it, and it is far from the future.
still neat though ;) - breakaway, on 10/11/2007, -0/+1I wish I wasn't so ***** at maths so I could understand the mathematical bits of this article.
- spraguep, on 10/11/2007, -0/+1NNSA != NSA
The computing power of the NSA I'm sure is classified. I'm also sure it blows away anything on that list. - unique172, on 12/10/2008, -0/+1I'd agree, except that the NSA is the number one employer for PhDs in number theory today.
- Boondoggle, on 10/11/2007, -0/+1It is no problem as long as you have several hundred years.
- S1ngular1ty1, on 10/11/2007, -0/+1@missingnoh4x
Please don't comment on things you know nothing about. The HD DVD crack is not a "hack" or even that special. The key they found was laying out in the open in computer memory. It is easy to decrypt something if you know the key.
And like Wyzard said, that was totally unrelated to the subject of this article which deals with pubic key cryptography. - dimsumx, on 10/11/2007, -0/+1It deters the lazy people.
- missingnoh4x, on 10/11/2007, -0/+1And the MPAA thought the 128 bits of 09F9 was secure...
- flaflashr, on 10/11/2007, -0/+1Guess I can stop the computers that have been running all year factoring a 301 digit number :)
- inactive, on 10/11/2007, -1/+1Many methods of encryption exist that the NSA cannot crack.
I'm sure our current "enemies" are well aware of many of them.
RSA, DES, PGP, ect mainly HELP protect the law abiding from the crooks.
They can never protect your political freedom from the US surveillance police state........ - TheNameless88, on 10/11/2007, -0/+0I prefer "password" myself.
- AngelBunny, on 10/11/2007, -2/+1i think it was md5 looking back trying to find what i saw
- Rhino2, on 10/11/2007, -2/+1"I'm glad earl laid half your asses on the floor so I didn't have to."
Lay it Earl. Lay it. - inactive, on 10/11/2007, -4/+2I'm glad earl laid half your asses on the floor so I didn't have to.
- Rebel44, on 10/11/2007, -2/+0Germans also thought that by adding another cylinders they would prevent allies from decrypting their communications - I am pretty sure NSA can break 2048bit key without problems.
- r00tus3r, on 10/11/2007, -6/+2Looks like those encrypted passwords stolen from the Pirate Bay aren't so safe after all.
- ggidster, on 10/11/2007, -8/+4naughtyrobot/trghpy - thanks for the info. I didn't realise you could just make up key length. So given the modern day processor, with mega ghz of horsepower, is it such a big deal? Don't we just keep increasing complexity?
-
Show 51 - 55 of 55 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is