HOW to upgrade: 2.0.22 --> 2.3.3 ???

Robert J. Hansen rjh at sixdemonbag.org
Fri Oct 4 16:35:02 CEST 2024 

> A nation state with the ability to crack 1024 bit RSA would not spend
> years and billions of dollars on the messages/files of a single
> entity.

They absolutely would, in a heartbeat, and they'd consider it a bargain.

Imagine some major world power has a copy of an old message from 
Vladimir Putin, signed in '99 using 1024-bit RSA.  Is it worth a billion 
dollars to break the key, allowing them to forge authentic-looking 
messages that could be useful in disinformation campaigns?

Israel is believed to be a nuclear power but hard information on it is 
rare.  If you were Iran and were in possession of a 20-year-old copy of 
their nuclear weapon locations, would you spend a billion dollars to 
break that, even if 50% of the site locations have changed?  Probably.

> They would be able to get the information they wanted for much
> less.

When it comes to breaking archival intercepts there may not be an 
alternative.  The U.S. in particular is well-known for archiving old 
encrypted data in the hopes of breaking it later.  VENONA, for instance. 
  In the digital forensics community there are stories of the USG 
holding onto the shattered fragments of a CD-ROM that are being held for 
the day when 3D scanning and modeling matures to the point they can 
reassemble the CD-ROM from its fragments.  Of the DF nerds I worked 
with, all of us believed the story.  We argued instead about whether we 
had that capability yet, or how far away we were.

> So for current OpenPGP usage, 1024 bit RSA is for all practical
> purposes secure.

No.  Just a flat no.  If breaking RSA-1024 is feasible today, even if 
it's not practical, it will be practical *soon*.

In the United States, Top Secret-rated national security information is 
by default considered a grave threat to national security for 25 years. 
The CIA even has some they've declared major threats for 50 years.

I have zero confidence RSA-1024 will be safe for even *five* years.

Stop using RSA-1024 today.  The best time to stop using it was 25 years 
ago, but if you missed that opportunity, today's the next best bet.

More information about the Gnupg-users mailing list