Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys?

(credit: martinak15)

The cost and time required to break 512-bit RSA encryption keys has plummeted to an all-time low of just $75 and four hours using a recently published recipe that even computing novices can follow. But despite the ease and low cost, reliance on the weak keys to secure e-mails, secure-shell transactions, and other sensitive communications remains alarmingly high.

The technique, which uses Amazon's EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service. It's the latest in a 16-year progression of attacks that have grown ever faster and cheaper. When 512-bit RSA keys were first factored in 1999, it took a supercomputer and hundreds of other computers seven months to carry out. Thanks to the edicts of Moore's Law – which holds that computing power doubles every 18 months or so – the factorization attack required just seven hours and $100 in March, when "FREAK," a then newly disclosed attack on HTTPS-protected websites with 512-bit keys, came to light.

In the seven months since FREAK's debut, websites have largely jettisoned the 1990s era cipher suite that made them susceptible to the factorization attack. And that was a good thing, since the factorization attack made it easy to obtain the secret key needed to cryptographically impersonate the webserver or to decipher encrypted traffic passing between the server and end users. But e-mail servers, by contrast, remain woefully less protected. According to the authors of last week's paper, the RSA_EXPORT cipher suite is used by an estimated 30.8 percent of e-mail services using the SMTP protocol, 13 percent of POP3S servers. and 12.6 percent of IMAP-based e-mail services.

Read 6 remaining paragraphs | Comments