views:

463

answers:

6

Is 1024 bit rsa secure, or is it crackable now? Is it safe for my program to use 1024 bit rsa? I read at http://pcworld.about.com/od/privacysecurity1/Researcher-RSA-1024-bit-encry.htm that 1024 bit encryption is unsecure, but I find 2048 bit slower, and also I see that various https sites (even paypal) use 1024 bit encryption. Is 1024 bit encryption secure enough?

A: 

Nothing is going to be totally secure forever. If you're that worried about it, just use 2048-bit and sacrifice speed for better security.

Besides, as the article states:

But determining the prime numbers that make up a huge integer is nearly impossible without lots of computers and lots of time.

It all depends on whether or not you think people will actually try that hard to get at whatever information you're trying to protect.

David Brown
+3  A: 

Last time I checked, NIST recommends 2048-bit RSA and predicts that it will remain secure until 2030. Page 66 of this PDF has the table.

Edit: They actually predict 1024-bit is OK until 2010, then 2048-bit until 2030, then 3072-bit after that. And it's NIST, not the NSA. Been too long since I did my thesis, LOL.

Kaleb Brasee
where can I get a list of how long various key sizes will be secure for?
Andrew Hownik
My bad, it was NIST. Here's the doc, page 66 has a table listing standards til 2010, 2030, and beyond: http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf
Kaleb Brasee
+4  A: 

What are you trying to protect? If you are encrypting something that is not terribly vital, then 1024 may be fine, but, if you are protecting something that is very vital, such as someone's medical or financial info then 4096 bits would be better.

The size of the key really depends on what you are protecting, and how long you expect the encryption to hold. If your timeframe is that the info is only valid for 10 mins then 1024 works fine, for 10 years of protection it isn't.

So, what are you protecting?

James Black
+2  A: 

It is necessary to define the meaning of secure to get a useful answer.

Is your house secure? Mostly we make it "good enough." For example, making it harder to break in than the neighbors is often adequate. That way the thieves spend time trying to break into next door rather than your place.

It might be secure if it requires X hours to break in and the valuable content is worth Y. Converting time to money is tricky, but if it takes a cracker 100 hours of his time to break in, and the contents of your information is worth, say $100, then your data is probably secure enough.

wallyk
A: 

Found a recent paper addressing exactly this question:

On the Security of 1024-bit RSA and
160-bit Elliptic Curve Cryptography
version 2.1, September 1, 2009

http://eprint.iacr.org/2009/389.pdf

zen
They propose: "We consider what it means for the security of 1024-bit RSA – now, for the next five years, and for the next decade. At this point in time a brute-force attack against 1024-bit RSA would require about two years on a few million compute cores with many tens of gigabytes of memory per processor or mainboard. Though substantial, this is not an inconceivably large effort."
zen
+1  A: 

There is no easy answer to the question "is size n secure ?" because it depends on the resources of an expected attacker. This has two parts:

  • Resources that the attacker is willing to invest heavily depend on the situation: defeating your grandmother, a bored computer-science student, or the full secret service of some big, rich country, does not involve the same attack power. It also depends on the perceived value of the protected data.
  • When designing the system, you want some margin of security, which means that you will make some prophecies on how computing power will evolve in the future, and this raises the difficult question of the notion of cost.

So there are several estimates which have been proposed by various researchers and government institutes. This site offers a survey of such methods, with online calculators so that you may play a bit with some of the input parameters.

Short answer is that if you want short-term security (i.e. security is not relevant beyond, say, year 2015) and 1024 bits are not enough for you, then your enemies must be very powerful indeed. Scarily so. To the point that you should have other, more urgent trouble on your hands.

Thomas Pornin