Data encryption

We spoke some time ago in a previous post about cryptographic keys AES and RSA, and how long it would take to break them. The arrival of the New Year brought news regarding this subject. An international team of scientists from EPFL (Switzerland), INRIA (France), NTT (Japan), CWI (the Netherlands) and the University of Bonn (Germany) managed to factorize a 768-bits number (232 digits), known as RSA Challenge RSA-768. Despite the challenge being stopped for years, some researchers are still paying attention to this project. The previous record was that of the 663-bit, established on May 9, 2005. More than two years and many hundreds of machines were needed to achieve the factorization of RSA-768, an activity equivalent to that of one processor working non-stop for 1500 years.

The fact that the factorization of RSA-768 has been completed doesn’t mean that the RSA keys are useless; it means that, if we decide to protect our data with RSA-768, it would take an attacker about the same time to illicitly access this data – or even less, with the appropriate supercomputation infrastructure. Therefore, if we want to properly protect sensitive data, it would be advisable to use longer encryption keys. In a similar way, the authors of the article say that factorizing an RSA-1024 is about one thousand times harder than RSA-768, but surely the factorization of these RSA-1024 keys will be completed if the same effort is made than for breaking RSA-768. Therefore, if we want to protect relevant data with RSA, we’d better start thinking about using RSA-2048 keys, although, as we have stated before, it will come the time when these keys will be compromised too. It’s just a matter of time, and also a matter of knowing whether the encrypted data is worth all the effort.

Guzmán Santafé
S21sec labs