In message <20050914143810.C7FE43BFF87@berkshire.machshav.com>, "Steven M. Bell
ovin" writes:
>In message <200509141407.28415.abuse@spamalicious.com>, "Charles M. Hannum" wr
>i
>tes:
>>There is a talk being presented at MIT today that shows clearly that 1Kb 
>>public keys can be factored fairly easily on cheap custom hardware.  It is 
>>long past time for SSH keys to be at least 2Kb by default.
>>
>Who is the talk by?  Is there an abstract?

I tracked down the talk announcement.  With that cast of characters, 
I'm quite happy to believe the results.  I'm even willing to believe 
that NSA et al have built such machines.  But it will still take a year 
per key, which means that for most of us there's no need to panic.  
Yes, we should change the default.  No, it's by no means urgent.


Open to the Public
                                                                                
DATE:    TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005
TIME:    4:00 p.m. - 5:30 p.m.
PLACE:   32-G575, Stata Center, 32 Vassar Street
TITLE:   Special-Purpose Hardware for Integer Factoring
SPEAKER: Eran Tromer, Weizmann Institute
                                                                                
Factoring of large integers is of considerable interest in
cryptography and algorithmic number theory. In the quest for
factorization of larger integers, the present bottleneck lies in the
sieving and matrix steps of the Number Field Sieve algorithm. In a
series of works, several special-purpose hardware architectures for
these steps were proposed and evaluated.
                                                                                
The use of custom hardware, as opposed to the traditional RAM model,
offers major benefits (beyond plain reduction of overheads): the
possibility of vast fine-grained parallelism, and the chance to
identify and exploit technological tradeoffs at the algorithmic level.
                                                                                
Taken together, these works have reduced the cost of factoring by many
orders of magnitude, making it feasible, for example, to factor
1024-bit integers within one year at the cost of about US$1M (as
opposed to the trillions of US$ forecasted previously). This talk will
survey these results, emphasizing the underlying general ideas.
                                                                                
Joint works with Adi Shamir, Arjen Lenstra, Willi Geiselmann, Rainer
Steinwandt, Hubert K?pfer, Jim Tomlinson, Wil Kortsmit, Bruce Dodson,
James Hughes and Paul Leyland.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb