RSA 1024-bit Encryption not Enough, Says Researcher

The strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributing-computing achievement.

Arjen Lenstra, a cryptology professor at the Ecole Polytechnique F'rale de Lausanne (EPFL) in Switzerland, said the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key, so it doesn't mean transactions are at risk-- yet.

But "it is good advanced warning" of the coming dusk of 1024-bit RSA encryption, widely used now for Internet commerce, as computers and mathematical techniques become more powerful, Lenstra said.

The RSA encryption algorithm uses a system of public and private keys to encrypt and decrypt messages. The public key is calculated by multiplying two very large prime numbers. Prime numbers are divisible only by "1" and themselves: For example, "2" and "3" and "7" are prime.