Saw the following item in a thread on the netbsd-tech-security list [1]. The text below deals with 1024 bit RSA keys being/becoming practicable to crack (in about a year) as discussed in a talk at MIT earlier.
Glad that 3.8 also includes 2048 bit keys as a default [2]. I copied the talk announcement/abstract below for those interested. Cheers, Rogier Open to the Public DATE: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005 TIME: 4:00 p.m. - 5:30 p.m. PLACE: 32-G575, Stata Center, 32 Vassar Street TITLE: Special-Purpose Hardware for Integer Factoring SPEAKER: Eran Tromer, Weizmann Institute Factoring of large integers is of considerable interest in cryptography and algorithmic number theory. In the quest for factorization of larger integers, the present bottleneck lies in the sieving and matrix steps of the Number Field Sieve algorithm. In a series of works, several special-purpose hardware architectures for these steps were proposed and evaluated. The use of custom hardware, as opposed to the traditional RAM model, offers major benefits (beyond plain reduction of overheads): the possibility of vast fine-grained parallelism, and the chance to identify and exploit technological tradeoffs at the algorithmic level. Taken together, these works have reduced the cost of factoring by many orders of magnitude, making it feasible, for example, to factor 1024-bit integers within one year at the cost of about US$1M (as opposed to the trillions of US$ forecasted previously). This talk will survey these results, emphasizing the underlying general ideas. Joint works with Adi Shamir, Arjen Lenstra, Willi Geiselmann, Rainer Steinwandt, Hubert K?pfer, Jim Tomlinson, Wil Kortsmit, Bruce Dodson, James Hughes and Paul Leyland. References: 1. 'OpenSSH key size' thread - MARC http://marc.theaimsgroup.com/?t=112670868100005&r=1&w=2 2. OpenSSH 4.2 release announcement http://www.openssh.com/txt/release-4.2
