## 307-Digit Number Factored

We have a new factoring record: 307 digits. It’s a special number—2^1039 – 1—but the techniques can be generalized:

Is the writing on the wall for 1024-bit encryption” “The answer to that question is an unqualified yes,” says Lenstra. For the moment the standard is still secure, because it is much more difficult to factor a number made up of two huge prime numbers, such as an RSA number, than it is to factor a number like this one that has a special mathematical form. But the clock is definitely ticking. “Last time, it took nine years for us to generalize from a special to a non-special hard-to factor number (155 digits). I won’t make predictions, but let’s just say it might be a good idea to stay tuned.”

I hope RSA applications would have moved away from 1024-bit security years ago, but for those who haven’t yet: wake up.

EDITED TO ADD (5/21): That’s 1023 bits. (I should have said that.)

Ryan • May 21, 2007 11:02 AM

That’s a 1020 bit number. Very surprising.

Which raises the question: Is the writing on the wall for RSA in general?

Doesn’t a >2048-bit public key become impractical in many protocols? DomainKeys and other schemes require distribution of public keys via DNS.

The patent uncertainly surrounding ECC are not insurmountable. Is NIST planning on any public-key standard revisions, such as the AES and SHS workshops?