Encryption gets a Battering – Part 2, RSA

Content Copyright © 2010 Bloor. All Rights Reserved.

RSA is an algorithm used in public key cryptography, and its discovery by Rivest, Shamir and Adleman (hence RSA) was a momentous development in the world of encryption. RSA has since been used throughout the world as a way of encrypting data with a public key available to all, while a secret private key is kept by the person who wishes to decrypt the ciphertext.

The beauty of RSA is its use of a special function that transforms plaintext in one direction only, such that the result can be decrypted only with the private key. In essence it is a one-way function with a trap door: the private key. The success of RSA is based on the difficulty of factorising large numbers, something that requires exponential computing resource, whereas encrypting the data with a public key requires only polynomial computing resource.
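The trap door described above, as an added example that is not part of the original article: encrypting with the public key is one cheap modular exponentiation, while anyone who can factorise the modulus can rebuild the private key. The primes 10007 and 10009, the exponent 65537 and all function names are constructed for illustration, and this is unpadded textbook RSA at a size no real key would use.

```python
from math import gcd, isqrt

# Constructed toy parameters (assumptions for illustration only).
P, Q, E = 10007, 10009, 65537

def make_keypair(p, q, e):
    """Build textbook RSA keys: public (n, e) and private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    # d is the inverse of e modulo phi; computing it needs p and q.
    return (n, e), (n, pow(e, -1, phi))

def apply_key(key, value):
    """Easy direction: one modular exponentiation (no padding here)."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range [0, n)")
    return pow(value, exponent, n)

def factor_by_trial_division(n):
    """Hard direction: the loop length grows with the smallest prime factor."""
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n has no non-trivial factor")

def recover_private_key(public):
    """With the factors of n known, the private key follows immediately."""
    n, e = public
    p, q = factor_by_trial_division(n)
    return make_keypair(p, q, e)[1]

if __name__ == "__main__":
    public, private = make_keypair(P, Q, E)
    ciphertext = apply_key(public, 42424242)
    print("n bits:", public[0].bit_length())
    print("decrypted with real key:", apply_key(private, ciphertext))
    rebuilt = recover_private_key(public)
    print("decrypted with rebuilt key:", apply_key(rebuilt, ciphertext))
```

Each extra bit in the primes doubles the trial-division loop, which is why the defence against faster factoring is a larger modulus rather than a different algorithm.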

As computing power has increased, the horsepower available to brute-force RSA keys has grown as well. The most recent announcement, in December 2009, was that a group of mathematicians, computer scientists and cryptographers had managed to factorise a 768-bit RSA key using a technique called the number field sieve, or NFS. That puts the next milestone, the 1024-bit RSA key, within reach in the next decade or so.

So what?

In reality this may have been an interesting academic exercise, but current industry standards suggest that 1024-bit moduli aren’t used after 2010 anyway; these standards were put in place to address the foreseen increase in computer horsepower. Unless a real smart way is found to factorise numbers using some undiscovered mathematical technique, RSA key sizes will increase in line with the required encryption cover time anyway, preserving the use of the RSA algorithm for the foreseeable future. Panic over.

As an aside, what I found more amusing when reading the paper was this comment:

“…this required a bit more organizational efforts than expected, occasional recovery from mishaps such as unplugged network cables, switched off servers, or faulty raids, and a constantly growing farm of backup drives. We do not further comment on these more managerial issues in this article, but note that larger efforts of this sort would benefit from full-time professional supervision.”

I must admit to sniggering at the image of these well-respected academics tripping over cables and unplugging servers as the experiment went on, for want of adult supervision. Maybe more “Carry on Cryptography” than we realise.