Researchers crack 768-bit RSA

January 13, 2010 // 1:03 p.m.

Tags: #cryptography #cypherpunk #encryption #ssl

Companies: #rsa

Security researchers have successfully broken the previously unassailable 768-bit RSA encryption algorithm - leading to fears for the safety of SSL-based web traffic.

As reported over on, the team - which includes individuals from NTT in Japan, the University of Bonn in Germany, and Microsoft in the US - used a novel algorithm along with a cluster of souped-up PCs to break RSA with a 768-bit key, a task previously thought to need around 1,500 years on an average PC.

Indeed, the problem was solved so quickly by the cluster that the team describes "the overall effort [as] sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended."

The news that 768-bit RSA can now be broken in this manner raises concerns for the safety of the RSA-based Secure Sockets Layer, used to protect sensitive data - including logins and credit card details - during transit on the Web. Thankfully, the team believes that 1024-bit RSA - which uses a significantly larger key, and is the most commonly used version on the Web today - should remain secure against such attacks.

However, the team advises corporations and governments to make plans for its replacement now - stating that 1024-bit RSA should be phased out "within the next three to four years." While the obvious patch is to replace it with a still-larger key size - 2048-bit RSA is not uncommon - Origin Storage's Andy Cordial believes that the future lies in two-factor authentication.

In a statement regarding the research, Cordial opined that although biometrics - such as fingerprint or iris recognition systems - are the obvious choice for data security, their currently high cost is prohibitive. Instead, he recommends the use of a smartcard or other physical token - allowing "the CEO or chairman to put his/her hand on heart and say the company's data is secure whilst in transit from one place to another," a promise that cannot be made "any more with single factor encryption."

For those interested in the technical details of the research, a white paper is available as a PDF file.
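To act on the key sizes discussed above, an inventory of deployed RSA public keys can be checked by modulus length. The following is an added example, not code from the article or the research team: it reads the modulus out of a PEM `PUBLIC KEY` block with a minimal DER walk and grades it against the article's thresholds. The function names, the verdict labels, the choice of 2048 bits as the floor, and the sample keys (constructed, syntactically valid but not usable) are all assumptions.

```python
import base64

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, DER-encoded

def classify(bits):
    """Article's thresholds: 768-bit broken, 1024-bit to be phased out."""
    if bits <= 768:
        return "broken"
    return "phase-out" if bits < 2048 else "ok"  # assumption: 2048 is the floor

def _tlv(buf, pos, want):
    """Read one DER element at pos; return (value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = size of the length field
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length

def rsa_modulus_bits(pem):
    """Bit length of the modulus in a PEM 'PUBLIC KEY' (SubjectPublicKeyInfo)."""
    lines = [l.strip() for l in pem.splitlines()]
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    s, _ = _tlv(der, 0, 0x30)          # SubjectPublicKeyInfo
    a, a_end = _tlv(der, s, 0x30)      # AlgorithmIdentifier
    if not der[a:a_end].startswith(RSA_OID):
        raise ValueError("not an RSA key")
    b, _ = _tlv(der, a_end, 0x03)      # BIT STRING, first byte = unused bits
    k, _ = _tlv(der, b + 1, 0x30)      # RSAPublicKey
    n, n_end = _tlv(der, k, 0x02)      # INTEGER modulus
    return int.from_bytes(der[n:n_end], "big").bit_length()

def _der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pem(bits):  # constructed input: valid syntax, not a usable key
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 65537))
    spki = _der(0x30, _der(0x30, RSA_OID + b"\x05\x00")
                + _der(0x03, b"\x00" + _der(0x30, ints)))
    b64 = base64.encodebytes(spki).decode()
    return "-----BEGIN PUBLIC KEY-----\n" + b64 + "-----END PUBLIC KEY-----\n"

def audit(sizes=(768, 1024, 2048)):
    return {b: classify(rsa_modulus_bits(sample_pem(b))) for b in sizes}
```

`rsa_modulus_bits` accepts any PEM `PUBLIC KEY` block, so the same check can be run over keys exported from a certificate inventory; non-RSA or malformed input raises `ValueError` rather than being graded.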

Are you concerned to see the previously unassailable RSA being broken in this way, or is 768 bits too small a keyspace to draw any conclusions about the security of the algorithm in the wild? Share your thoughts over in the forums.