Subject: Re: really really obsolete etc/moduli in NetBSD
To: None <tls@rek.tjls.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 01/15/2005 17:43:06
In message <20050115210805.GA16702@panix.com>, Thor Lancelot Simon writes:
>On Sat, Jan 15, 2005 at 03:44:51PM -0500, William Allen Simpson wrote:
>> 
>> Nobody should trust relatively short primes for any length of time. 
>> That's one of several reasons to change them regularly. 
>
>I don't see how that actually addresses Charles' basic point: that unless
>the moduli currently in use *are not prime*, they cannot be "cracked" in
>any way that would reduce the security of the algorithms in which they are
>used.
The discrete log problem is "brittle" -- one has to put in a lot of 
effort up front for any given modulus; once that's done, solutions to 
each particular instance are relatively cheap.  There is thus some 
benefit to having lots of different moduli out there.

That said, I've seen no evidence that solutions are within reach -- at 
least within the open sector -- for 1024-bit moduli.  It's a toss-up 
whether or not major governments can crack it.

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
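As an added illustration of the "brittle" shape Bellovin describes (this is not part of the original thread): one expensive table is built per modulus, after which every individual instance for that modulus is cheap. The toy below uses a baby-step/giant-step table with an oversized baby-step side rather than the index-calculus method he alludes to, but it shows the same cost structure. The prime, generator and secrets are constructed parameters, and the table-size choice of roughly p^(2/3) is an assumption made for the demonstration.

```python
"""Toy: per-modulus precomputation vs. cheap per-instance discrete logs.

Added example, not code from the NetBSD thread.  Builds one table for (g, p)
of about p^(2/3) entries, then answers each instance h = g^x mod p with only
about p^(1/3) giant steps instead of the ~p^(1/2) a fresh search would need.
A different modulus gets no benefit from this table at all."""


def build_table(g, p, m):
    """Per-modulus work: map g^j mod p -> j for j in [0, m).  Cost O(m)."""
    table = {}
    x = 1
    for j in range(m):
        table.setdefault(x, j)      # keep the smallest exponent if g has small order
        x = x * g % p
    return table


def solve_instance(g, p, m, table, h):
    """Per-instance work: at most (p-1)//m + 1 giant steps using the table.

    Returns (x, giant_steps) with pow(g, x, p) == h, or (None, steps)."""
    step = pow(g, -m, p)            # g^(-m) mod p; modular inverse needs Python 3.8+
    gamma = h % p
    limit = (p - 1) // m + 1
    for i in range(limit):
        if gamma in table:
            return i * m + table[gamma], i
        gamma = gamma * step % p
    return None, limit


def solve_many(g, p, m, targets):
    """Build the table once, then solve every target for that modulus."""
    table = build_table(g, p, m)
    return {h: solve_instance(g, p, m, table, h) for h in targets}


# Constructed toy parameters: a 20-bit prime and a table of ~p^(2/3) entries.
P, G, M = 1000003, 2, 10_000
SECRETS = [123456, 777777, 999999, 42]
TARGETS = [pow(G, s, P) for s in SECRETS]

if __name__ == "__main__":
    for h, (x, steps) in solve_many(G, P, M, TARGETS).items():
        assert pow(G, x, P) == h
        print(f"h={h}: x={x} found after {steps} giant steps (table size {M})")
```

Each solve above finishes in about a hundred giant steps against a 10,000-entry table, which is the amortisation argument for having many distinct moduli: the attacker's table is only good against the modulus it was built for.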