Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We are. 1024-bit keys are being retired across cryptosystems everywhere, and have been for over a decade (don't get me started on the one laggard). Nothing threatens 2048 bit keys other than QC, which threatens RSA altogether. Progress isn't linear; it's not like 2048 falls mechanically some time after 1024 (which itself is not practical to attack today).


People might be assuming that 2048-bits is only twice as strong as 1024-bits, but it's in fact a billion times better. (corrected, thanks!)


That would be true if RSA scaled proportionally with the number of bits, but the exponent involved is much lower than 1. 1024->2048 gives you around the same difficulty as adding 30 bits to a symmetric key.


I stand corrected, thanks! 2^30 still means a billion times better.


It's also only true so long as we don't discover more efficient ways of factoring large numbers. We haven't come up with any dramatic improvements lately, but it's always possible that something will come up. Symmetric crypto systems like AES are on much firmer ground, as they don't depend as heavily on the difficulty of any single mathematical problem.


By "lately" you mean...


I'm hedging a little because I'm not an expert. :) As far as I'm aware, the last major algorithmic development was GNFS in 1993.


we are definitely not.

most countries registrar's won't support DNS hacks requied for larger dkim.

we still use the minimum key size in most countries.


What? Just use normal name servers. The registrar doesn't matter one bit, they delegate the zone to whatever name servers you specify. Those can serve whatever records properly.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: