[ksk-change] FYI: media coverage of '1024 DNSSEC RSA keys are weak'

Richard Lamb richard.lamb at icann.org
Fri Nov 14 19:47:36 UTC 2014


Thanks to Peter Koch for pointing these articles out.

--

Heise, a German language online news medium, published an article titled
"DNSSEC with too short RSA keys".
<http://www.heise.de/newsticker/meldung/DNSSEC-mit-zu-kurzen-RSA-Schluesseln
-2449480.html>                    

The article refers to a paper by Dan Bernstein and Tanja Lange about
advances in factorization by massively parallel hardware operation
<http://cr.yp.to/factorization/batchnfs-20141109.pdf>.  It appears that the
article might go far beyond the substance or even the claims in the paper.

There was a previous note at
<http://www.golem.de/news/verschluesselung-parallele-angriffe-auf-rsa-schlue
ssel-mit-1-024-bit-1411-110435.html>, much less alarmist.

Some serious review of the paper to evaluate the claims and conclusions
would be helpful.

-Peter

PS: an obviously, if RSA1024 was unusable for DNSSEC, there are other uses
..


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5456 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20141114/f9ab17ce/smime.p7s>


More information about the ksk-rollover mailing list