Len Sassaman <rabbi@quickie.net> writes:

> Prior to Bernstein's discovery that the row-reduction step in factorization could be made massively parallelizable, we believed that 1024 bit keys would remain unfactorable essentially forever. Now, 1024 bit RSA keys look to be factorable either presently, or in the very near future once Moore's law is taken into account. However, at a price tag of $2 billion for a specialized machine, we have a few years before anyone outside of the intelligence community attempts this.
>
> What is most concerning to me is a few discoveries that were made while looking into the problem of widespread use of 1024 bit keys:

Out of curiosity, was there any indication that Bernstein's improvements might apply to the discrete log problem, DSA in general, and the 1024-bit limit on key size built into NIST's DSS standard? Revoking an RSA key and re-issuing a longer one might be a pain, but there's no option for that in the current GPG implementation.

Cheers.
-travis