[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patents on RSA will expire soon....

David Taffs writes:

> Projecting current progress in factoring, how long will 1024-bit keys
> be secure against something like NSA?

Schneier has a good exposition of this in his book. It's worthwhile to
do the calculations, even back-of-the-envelope.

Assuming no surprise breakthroughs in factoring (in which case even 1200-1500
bit keys would fall, one would assume), a 1024-bit key is *vastly*
stronger than a 384-bit key, which just consumed several thousand
MIPS-years to break (to factor the modulus, of course). 

> Is it the case that by standarizing on 1024-bit keys for the
> forseeable future, are we merely providing a window of opportunity for
> cryptopunks which will work fine for awhile but which will slam shut
> forever once the NSA becomes able (as a result of vast computer power,
> if nothing else) to routinely factor numbers this large, maybe in
> about 2150 or so? Remember people thought RSA-129 would take a long
> time.

Recall that the RSA patents begin to expire in a few years and are
completely expired by 2002. After that, the issue will be moot. And at
the rate at which things are moving these days, I expect an
MIT-RSADSI-blessed version of PGP--perhaps Version 3--to add features,
increase key lengths, etc.

I don't know any details of the MIT-RSADSI deal, but I think this PGP
2.5 deal is a GOOD THING, on the whole. It gives the national security
apparatus no excuses for cracking down on PGP, vis-a-vis patent
infringements (not that they enforce patents, but that was a cloud
hanging over PGP), and probably makes the export of PGP for Zimmermann
a non-issue. (Somebody will very quickly export PGP 2.5 to Europe,
presumably by very untraceable means).

As for generating a new key, I was planning to do so anyway...one
ought to change one's key at least 0.5% as often as one change's one's
underwear. (Awkwardly said, but you get the idea.) As there is not yet
a Mac version, I'll have to wait a while.

> in the short to intermediate term. If people become complacent about
> this limitation, it could become institutionalized. If everybody
> uses PGP 2.5 for the next hundred years, what happens then?
Not too likely. Not even the next _five_ years.

By the time truly strong (last a couple of centuries) crypto is
needed, for critical financial trusts and cryonic suspension sorts of
things, this deal will help to make sure nothing can block the spread
of strong crypto.

A good thing.

--Tim May

Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."