[ksk-change] FYI: media coverage of '1024 DNSSEC RSA keys are weak'
Richard Lamb
richard.lamb at icann.org
Fri Nov 14 19:47:36 UTC 2014
Thanks to Peter Koch for pointing these articles out.
--
Heise, a German language online news medium, published an article titled
"DNSSEC with too short RSA keys".
<http://www.heise.de/newsticker/meldung/DNSSEC-mit-zu-kurzen-RSA-Schluesseln
-2449480.html>
The article refers to a paper by Dan Bernstein and Tanja Lange about
advances in factorization by massively parallel hardware operation
<http://cr.yp.to/factorization/batchnfs-20141109.pdf>. It appears that the
article might go far beyond the substance or even the claims in the paper.
There was a previous note at
<http://www.golem.de/news/verschluesselung-parallele-angriffe-auf-rsa-schlue
ssel-mit-1-024-bit-1411-110435.html>, much less alarmist.
Some serious review of the paper to evaluate the claims and conclusions
would be helpful.
-Peter
PS: an obviously, if RSA1024 was unusable for DNSSEC, there are other uses
..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5456 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20141114/f9ab17ce/smime.p7s>
More information about the ksk-rollover
mailing list