768-bit RSA encryption cracked

The process — carried out in early December — generated a five-terabyte decryption table and, say the researchers, would have taken them around 1,500 years using an AMD Opteron-based single PC.

The first stage in the decryption procedure involved identifying appropriate integers and then arraying these into a matrix, a process that reportedly took less than a day using a clustered PC system, and then working on the matrix to produce a code table.

According to the researchers, the overall effort involved in decryption is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended.

Commenting on the decryption breakthrough, Andy Cordial, managing director of Origin Storage, a storage systems integration specialist, said that whilst the cracking exploit is impressive, it highlights the fact that the days of relying on encryption alone as a means of defending private data are now drawing to a close.

Cordial argues that the use of a PIN-based protection — and even biometric authentication — alongside a fully encrypted drive is now the logical choice for companies wanting to protect sensitive data from prying eyes.

And now that a 768-bit RSA crypto decryption table has been produced, he says that organisations can no longer expect their encrypted data to be secure from anyone equipped with a RAID-driven high-powered PC.

Furthermore, he said, it's even conceivable that a regulator at some stage in the future may take a dim view of, say, a bank claiming that its encryption system is sufficient to protect customer data — especially in a mobile situation — from prying eyes.

"We are," said Cordial, "rapidly reaching the stage where a single layer of protection for data is starting to become about as effective as a chocolate teapot against high-powered crypto hackers."

"And since biometric-enhanced encryption systems are still relatively expensive, the logical choice is a PIN/password-enhanced external encrypted drive such as our DataLocker range which uses a hardware based AES/CBC encryption chip, backed up by an onboard PIN/password unit," he said.

"At the very least, this will allow the CEO or chairman to put his/her hand on heart and say the company's data is secure whilst in transit from one place to another. That's a claim you can't truly make any more with single factor encryption," he added.

What’s Hot on Infosecurity Magazine?