Monero

I asked Gerck if this was theoretical, or if they had cracked RSA-2048 in a real-world setting, if they planned to demonstrate this to any quantum computing experts who might vouch for their findings, and when their peer-reviewed findings would be published.

He responded, "We broke a public RSA-2048. We cannot risk impersonation."

Woodward, after reviewing the Gercks' research paper, said it appears to be "all theory proving various conjectures - and those proofs are definitely in question."

He added, "I'll believe they have done this when people can send them RSA modulus to factor and they send back two primes. Until I see that, I'm just confused and not convinced they've done what they claim in the headlines."

Generating an RSA private key involves multiplying two different large prime numbers to generate a key that is used to encrypt data. These so-called trapdoor algorithms make encryption easy but decryption difficult.

Using classical computers, which process data sequentially, brute-force cracking a strong key would require an enormous amount of time - perhaps hundreds if not trillions of years. But a big enough quantum computer, because it can use qubits to process data in parallel, could be used to easily crack even large keys generated using algorithms such as RSA in days if not hours.

Technology giants, including cloud providers, have already begun transitioning to post-quantum cryptography. In August, the Chromium Project adopted a hybrid cryptographic algorithm - X25519Kyber768 - for Chrome and Google Servers. As of Aug. 15, the latest version of Chrome includes a quantum hybrid key agreement mechanism. Amazon Web Services, Cloudflare, IBM and Microsoft are among the cloud providers also researching and updating products for post-quantum cryptography.

https://www.bankinfosecurity.com/blogs/researcher-claims-to-crack-rsa-2048-quantum-computer-p-3536

About the Author Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Recently (2023), the default of GnuPG has been changed: a new key generated will be no longer RSA but ECC. Elliptic (25519) is a way to go: keys are much shorter than say RSA4096. Migrating to elliptic is convenient and perhaps safer, even though RSA may be still safe too.

Realistically 2048 is about 600-digit. Factorization of a 100-400 digit number is more or less possible now. 600 is still hard, but maybe not totally impossible in the near future.

25519 was designed by D. J. Bernstein, who tenaciously fought a long legal battle against the US cryptography export regulations. He’s also strongly criticized various sabotages (backdoor) in NIST standardized cryptography algorithms, such as the random bit generation in Dual EC. That’s why people tend to like 25519, over RSA etc.

Nerdy footnotes 😅

multiplying two different large prime numbers

Technically, the two numbers are usually not proven primes (not a big deal: they’re most probably primes, just not mathematically proven…).

brute-force cracking a strong key would require an enormous amount of time

Obviously, one wouldn’t do a naive brute-force, like trial division. There are some number theoretic, sophisticated algorithms, and they’re getting stronger and stronger, both algorithm-wise and machine power-wise… Not too long ago, people were saying RSA512 was strong enough!

Without any proof, no peer review. It's a fraud.

Toms hardware can barely even review Internet routers properly, let alone anything else. I won't even bother reading an article from that site

The moment I read “crack on a smartphone” I knew it wasn’t true.

Wake me up when SHA-256 is cracked.

Looked into my key ring and found only a few RSA2048 keys (used by old Proton users). Apparently most devs use Ed or RSA4096 to sign today. Even Thunderbird (its OpenPGP is convenience first, security second, in a sense that your sec key is not passphrase-protected) generates at least RSA3072, RSA2048 is not even an option!

Though this news might be a joke, it’s totally possible that RSA2048 (or RSA itself) becomes eventually obsolete. Which doesn’t mean cryptography in general will be broken, of course. There are different kinds of "one-way" problems, like Ed, already widely used, based on elliptic curves.

If a faster factorization algorithm is found (though that may be proved to be impossible after all), it’s essentially great news. Even Gauss said, “the dignity of the science itself seems to require that every possible means be explored for the solution” (of primality test and factorization), meaning “We must try everything to find a better way to factor a big number!” (which also implies “a more effective attack against RSA!”).

Though no one wants broken cryptography, factorization is something number theorists would love to do quickly too, if possible at all.

See also [not directly related]: https://en.wikipedia.org/wiki/Logjam_(computer_security)