https://twitter.com/dangoodin001/status/919798487776034817 A 2nd major crypto vulnerability being disclosed Monday involves millions of 1024- and 2048-bit RSA keys that are practically factorizable.
RSA-1024/2048 busted - consider new pgp keys
[17 Points] _PrinterPam_:
[4 Points] locofloco:
The key length is not the problem. It's about the implementation which generates those keys. So if you don't use software based on Infineon's implementation, you can be pretty sure that your key is still safe. Even with 2048 as the key length.
Well for DN stuff 4096 keys are mandatory in my opinion, but for daily use (for example if you're using a Yubikey which is not capable of a high key length) it's still pretty safe to use 2048 keys. Especially if you've used open-source implementations like gnupg or similar.
Edit: ah, wanted to answer the other thread and missed it :(
[2 Points] locofloco:
Well, this is some good FUD. The Twitter link is without any proof. The second article just says that specific implementations are broken (the implementation coming from Infineon, specifically hardware-based key generation like smartcards or TPMs), not the key length itself.
[-1 Points] fJGaWYnYDb8VYS7u:
Completely broken
It means that if you have a document digitally signed with someone's private key, you can't prove it was really them who signed it. Or if you sent sensitive data encrypted under someone's public key, you can't be sure that only they can read it. You could now go to court and deny that it was you that signed something—there would be no way to prove it, because theoretically, anyone could have worked out your private key.
This has NOTHING to do with public key cryptography as we use it. Just one particular RSA library used for cryptocards, not the one in common usage. Your literacy privileges should hereby be revoked.