A possible addition, suggested by a co-worker.
IF someone should happen to listen in on your encrypted transaction,
and IF they happen to have the knowledge and awesome computing power to
crack that encryption within, say, one week - exactly what do they
have? A plain-text document detailing a transaction you made a week
ago, with no way to duplicate it or, realistically, use it in any useful
way.
And, IF these horrible criminal masterminds happen to be Americans,
they're virtually impossible to catch - they could just escape to the
Moon. We spent the 60's proving that it COULD be done.
Cheers,
- Drew.
> me wrote:
>
> To all,
>
> I know this is a little off topic, but I know a lot of you will be
> interested in helping me with this.
>
> Please review the following article for technical correctness. It is,
> at best, my amateur compilation of inputs I received over the past few
> weeks from many different security-related newsgroups. Hopefully, this
> will calm the storm generated by the clueless reporting of the
> "512-bit RSA key cracked" event. Keep in mind the audience for this
> article is the general public and those reporters that have "reported"
> on this event.
>
> Please let me know your comments/opinions.
>
> Thanks in advance,
>
> Michael Sorbera
>
> Webmaster
>
> Randolph-Brooks Federal Credit Union
>
> Here's my proposed article:
>
> A team of researchers, numbering in the hundreds, combined with over
> 300 awesome computers working over a seven-month period demonstrated
> that using their combined resources the capability exists to "crack"
> the 512-bit RSA key. This 512-bit key is currently used largely by
> E-Commerce sites that want to be able to do business internationally.
> Most of the U.S.-based financial institutions have already made the
> upgrade to the 1024-bit RSA key.
>
> The actual 512-bit RSA key was not cracked. A 155-digit number that is
> the same length as the number for the 512-bit key was factored to its
> prime numbers. So the "actual" key was not factored or cracked, but a
> number similar to it was. The researchers demonstrated to the World
> that the key could be cracked, not that it was cracked. To actually
> crack the key, someone will have to duplicate the efforts of the
> researchers on the actual key. Most of the folks involved in this
> endeavor would not participate in an actual attack on a key.
>
> This 512 or 1024-bit RSA key is only one level of protection given to
> transactions on the Internet. Almost all public transactional Web
> sites use SSL (Secured Sockets Layer) to encrypt the data. In SSL,
> once the data is encrypted using the 512 or 1024-bit RSA key, it is
> encrypted again with ANOTHER key that's generated by the browser. This
> other key is different every time you initiate an SSL session. For
> those browsers using 128-bit Strong U.S. encryption, a Cray supercomputer
> can crack it in 2 days. The average group of folks would have
> to get together 30 or so computers, running in parallel, teamed up
> with about 5 people at least 2 weeks of 24-hour-a-day operation to
> "crack" this second key.