On 10/20/2014 3:50 PM, David Conrad
wrote:
Unrelated to KSK change, but as we discussed it in the workshop...
https://kivo.com/p/h985rFcI, slides 37-39
Dr. Bernstein notes (page 38): "Analyses in 2003 concluded that RSA-1024 was breakable; e.g., 2003 Shamir-Tromer estimated 1 year, ≈ USD $10^7"
The paper he references is here
http://www.tau.ac.il/~tromer/papers/cbtwirl.pdf
Hmm... one of the interesting things here is that the author
estimates surface area of the equivalent silicon ASICs necessary for
a given rate of breaking. Given changes in processes (e.g.
substantially more density for about the same prices per wafer)
since 2003, I'm wondering if you can't get a 10 fold improvement for
the same price? E.g. call it 36 days to break a 1024bit key using
2014 ASIC technology and a $1m investment?
http://en.wikipedia.org/wiki/32_nanometer has an interesting
table. 2003 would have had 130 nm technology - 2014 is running
about 14nm.
I'm a bit disappointed at the lack of caveats in Dr. Bernstein's slides.
Regards,
-drc
P.S. Also perhaps of note (although not directly related to key change), the last bit of slide 47 and slides 50-53.
_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover