How long does it take to crack RSA 1024 with a PC?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{
margin-bottom:0;
}
.everyonelovesstackoverflow{position:absolute;height:1px;width:1px;opacity:0;top:0;left:0;pointer-events:none;}
$begingroup$
Using an Intel Core i5 CPU, how long does it take to crack RSA using a key size of 1024 bit (generated using a secure key pair generation function)?
Suppose for instance that we have thousands of zombies or a big network of computers. To calculate all the combinations or possibilities, can we distribute the process through a big network of computers?
rsa cryptanalysis factoring decryption
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
$endgroup$
|
show 2 more comments
$begingroup$
Using an Intel Core i5 CPU, how long does it take to crack RSA using a key size of 1024 bit (generated using a secure key pair generation function)?
Suppose for instance that we have thousands of zombies or a big network of computers. To calculate all the combinations or possibilities, can we distribute the process through a big network of computers?
rsa cryptanalysis factoring decryption
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
$endgroup$
2
$begingroup$
I think the standard estimate is $2^{40}$ work for 512-bit moduli and $2^{80}$ work for 1024-bit. A very optimistic guesstimate would probably be "1 day" for the 512-bit modulus, so $2^{40}$ (1 trillion) days for 1024-bit moduli. Of course I didn't use actual performance numbers (so no proper answer).
$endgroup$
– SEJPM♦
May 26 at 14:56
$begingroup$
Would you please tell me where or by which formula did you get 2^{80}?
$endgroup$
– R1w
May 26 at 19:26
1
$begingroup$
it's basically rounded from crypto.stackexchange.com/a/8692/24949
$endgroup$
– Z.T.
May 26 at 19:38
2
$begingroup$
What CPU family? What clock speed? How much RAM?
$endgroup$
– forest
May 26 at 23:20
1
$begingroup$
@R1w Sure, but precise hardware information is necessary to make accurate estimates. However you should assume that RSA 1024 can be broken with sufficient computing power (whether a huge number of consumer PCs or a specialized ASIC).
$endgroup$
– forest
May 27 at 8:15
|
show 2 more comments
$begingroup$
Using an Intel Core i5 CPU, how long does it take to crack RSA using a key size of 1024 bit (generated using a secure key pair generation function)?
Suppose for instance that we have thousands of zombies or a big network of computers. To calculate all the combinations or possibilities, can we distribute the process through a big network of computers?
rsa cryptanalysis factoring decryption
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
$endgroup$
Using an Intel Core i5 CPU, how long does it take to crack RSA using a key size of 1024 bit (generated using a secure key pair generation function)?
Suppose for instance that we have thousands of zombies or a big network of computers. To calculate all the combinations or possibilities, can we distribute the process through a big network of computers?
rsa cryptanalysis factoring decryption
rsa cryptanalysis factoring decryption
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
edited May 26 at 15:34
Maarten Bodewes♦
59.5k7 gold badges86 silver badges216 bronze badges
59.5k7 gold badges86 silver badges216 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
asked May 26 at 14:45
R1wR1w
7452 gold badges7 silver badges30 bronze badges
7452 gold badges7 silver badges30 bronze badges
2
$begingroup$
I think the standard estimate is $2^{40}$ work for 512-bit moduli and $2^{80}$ work for 1024-bit. A very optimistic guesstimate would probably be "1 day" for the 512-bit modulus, so $2^{40}$ (1 trillion) days for 1024-bit moduli. Of course I didn't use actual performance numbers (so no proper answer).
$endgroup$
– SEJPM♦
May 26 at 14:56
$begingroup$
Would you please tell me where or by which formula did you get 2^{80}?
$endgroup$
– R1w
May 26 at 19:26
1
$begingroup$
it's basically rounded from crypto.stackexchange.com/a/8692/24949
$endgroup$
– Z.T.
May 26 at 19:38
2
$begingroup$
What CPU family? What clock speed? How much RAM?
$endgroup$
– forest
May 26 at 23:20
1
$begingroup$
@R1w Sure, but precise hardware information is necessary to make accurate estimates. However you should assume that RSA 1024 can be broken with sufficient computing power (whether a huge number of consumer PCs or a specialized ASIC).
$endgroup$
– forest
May 27 at 8:15
|
show 2 more comments
2
$begingroup$
I think the standard estimate is $2^{40}$ work for 512-bit moduli and $2^{80}$ work for 1024-bit. A very optimistic guesstimate would probably be "1 day" for the 512-bit modulus, so $2^{40}$ (1 trillion) days for 1024-bit moduli. Of course I didn't use actual performance numbers (so no proper answer).
$endgroup$
– SEJPM♦
May 26 at 14:56
$begingroup$
Would you please tell me where or by which formula did you get 2^{80}?
$endgroup$
– R1w
May 26 at 19:26
1
$begingroup$
it's basically rounded from crypto.stackexchange.com/a/8692/24949
$endgroup$
– Z.T.
May 26 at 19:38
2
$begingroup$
What CPU family? What clock speed? How much RAM?
$endgroup$
– forest
May 26 at 23:20
1
$begingroup$
@R1w Sure, but precise hardware information is necessary to make accurate estimates. However you should assume that RSA 1024 can be broken with sufficient computing power (whether a huge number of consumer PCs or a specialized ASIC).
$endgroup$
– forest
May 27 at 8:15
2
2
$begingroup$
I think the standard estimate is $2^{40}$ work for 512-bit moduli and $2^{80}$ work for 1024-bit. A very optimistic guesstimate would probably be "1 day" for the 512-bit modulus, so $2^{40}$ (1 trillion) days for 1024-bit moduli. Of course I didn't use actual performance numbers (so no proper answer).
$endgroup$
– SEJPM♦
May 26 at 14:56
$begingroup$
I think the standard estimate is $2^{40}$ work for 512-bit moduli and $2^{80}$ work for 1024-bit. A very optimistic guesstimate would probably be "1 day" for the 512-bit modulus, so $2^{40}$ (1 trillion) days for 1024-bit moduli. Of course I didn't use actual performance numbers (so no proper answer).
$endgroup$
– SEJPM♦
May 26 at 14:56
$begingroup$
Would you please tell me where or by which formula did you get 2^{80}?
$endgroup$
– R1w
May 26 at 19:26
$begingroup$
Would you please tell me where or by which formula did you get 2^{80}?
$endgroup$
– R1w
May 26 at 19:26
1
1
$begingroup$
it's basically rounded from crypto.stackexchange.com/a/8692/24949
$endgroup$
– Z.T.
May 26 at 19:38
$begingroup$
it's basically rounded from crypto.stackexchange.com/a/8692/24949
$endgroup$
– Z.T.
May 26 at 19:38
2
2
$begingroup$
What CPU family? What clock speed? How much RAM?
$endgroup$
– forest
May 26 at 23:20
$begingroup$
What CPU family? What clock speed? How much RAM?
$endgroup$
– forest
May 26 at 23:20
1
1
$begingroup$
@R1w Sure, but precise hardware information is necessary to make accurate estimates. However you should assume that RSA 1024 can be broken with sufficient computing power (whether a huge number of consumer PCs or a specialized ASIC).
$endgroup$
– forest
May 27 at 8:15
$begingroup$
@R1w Sure, but precise hardware information is necessary to make accurate estimates. However you should assume that RSA 1024 can be broken with sufficient computing power (whether a huge number of consumer PCs or a specialized ASIC).
$endgroup$
– forest
May 27 at 8:15
|
show 2 more comments
1 Answer
1
active
oldest
votes
$begingroup$
RSA-768 took 2000 years of 2.2Ghz single core Opteron from year 2009 [1].
DJB et al wrote in 2013 [2] that RSA-1024 would take $2^{70}$ differences with $2^{24}$ per machine per second in 2009, so 2 million years. Hardware improved since then, and GNFS can use GPUs, so maybe better, but about a million years I guess.
Absolutely the computation can be parallelized to use many devices, for example to use a botnet, which is what DJB recommends. Whether one can have a botnet with a million devices with strong CPU/GPU that use up a lot of power and not get noticed for a year, is another matter entirely.
1 - https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
2 - https://www.hyperelliptic.org/tanja/vortraege/facthacks-29C3.pdf (see page 30 or slide 87 of 112 or about 10 minutes of this video https://youtu.be/95N2KXqH5cs?t=2100)
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
$endgroup$
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
2
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
add a comment
|
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f70829%2fhow-long-does-it-take-to-crack-rsa-1024-with-a-pc%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
RSA-768 took 2000 years of 2.2Ghz single core Opteron from year 2009 [1].
DJB et al wrote in 2013 [2] that RSA-1024 would take $2^{70}$ differences with $2^{24}$ per machine per second in 2009, so 2 million years. Hardware improved since then, and GNFS can use GPUs, so maybe better, but about a million years I guess.
Absolutely the computation can be parallelized to use many devices, for example to use a botnet, which is what DJB recommends. Whether one can have a botnet with a million devices with strong CPU/GPU that use up a lot of power and not get noticed for a year, is another matter entirely.
1 - https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
2 - https://www.hyperelliptic.org/tanja/vortraege/facthacks-29C3.pdf (see page 30 or slide 87 of 112 or about 10 minutes of this video https://youtu.be/95N2KXqH5cs?t=2100)
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
$endgroup$
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
2
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
add a comment
|
$begingroup$
RSA-768 took 2000 years of 2.2Ghz single core Opteron from year 2009 [1].
DJB et al wrote in 2013 [2] that RSA-1024 would take $2^{70}$ differences with $2^{24}$ per machine per second in 2009, so 2 million years. Hardware improved since then, and GNFS can use GPUs, so maybe better, but about a million years I guess.
Absolutely the computation can be parallelized to use many devices, for example to use a botnet, which is what DJB recommends. Whether one can have a botnet with a million devices with strong CPU/GPU that use up a lot of power and not get noticed for a year, is another matter entirely.
1 - https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
2 - https://www.hyperelliptic.org/tanja/vortraege/facthacks-29C3.pdf (see page 30 or slide 87 of 112 or about 10 minutes of this video https://youtu.be/95N2KXqH5cs?t=2100)
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
$endgroup$
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
2
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
add a comment
|
$begingroup$
RSA-768 took 2000 years of 2.2Ghz single core Opteron from year 2009 [1].
DJB et al wrote in 2013 [2] that RSA-1024 would take $2^{70}$ differences with $2^{24}$ per machine per second in 2009, so 2 million years. Hardware improved since then, and GNFS can use GPUs, so maybe better, but about a million years I guess.
Absolutely the computation can be parallelized to use many devices, for example to use a botnet, which is what DJB recommends. Whether one can have a botnet with a million devices with strong CPU/GPU that use up a lot of power and not get noticed for a year, is another matter entirely.
1 - https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
2 - https://www.hyperelliptic.org/tanja/vortraege/facthacks-29C3.pdf (see page 30 or slide 87 of 112 or about 10 minutes of this video https://youtu.be/95N2KXqH5cs?t=2100)
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
$endgroup$
RSA-768 took 2000 years of 2.2Ghz single core Opteron from year 2009 [1].
DJB et al wrote in 2013 [2] that RSA-1024 would take $2^{70}$ differences with $2^{24}$ per machine per second in 2009, so 2 million years. Hardware improved since then, and GNFS can use GPUs, so maybe better, but about a million years I guess.
Absolutely the computation can be parallelized to use many devices, for example to use a botnet, which is what DJB recommends. Whether one can have a botnet with a million devices with strong CPU/GPU that use up a lot of power and not get noticed for a year, is another matter entirely.
1 - https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
2 - https://www.hyperelliptic.org/tanja/vortraege/facthacks-29C3.pdf (see page 30 or slide 87 of 112 or about 10 minutes of this video https://youtu.be/95N2KXqH5cs?t=2100)
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
edited May 27 at 0:04
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
answered May 26 at 15:27
Z.T.Z.T.
6814 silver badges16 bronze badges
6814 silver badges16 bronze badges
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
2
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
add a comment
|
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
2
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
$begingroup$
So it makes Decryption-As-Service possible either for a legal issue or illegal.
$endgroup$
– R1w
May 26 at 16:00
2
2
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
$begingroup$
Yes, Nadia Heninger (co-author of that presentation I linked, cseweb.ucsd.edu/~nadiah) tried to run such a service on the public cloud. AFAIK this service doesn't exist, but anyone can create it using open source software (cado-nfs.gforge.inria.fr) and specialists can optimize the software for new hardware or to best use cloud spot instances, etc.
$endgroup$
– Z.T.
May 26 at 16:04
add a comment
|
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f70829%2fhow-long-does-it-take-to-crack-rsa-1024-with-a-pc%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
$begingroup$
I think the standard estimate is $2^{40}$ work for 512-bit moduli and $2^{80}$ work for 1024-bit. A very optimistic guesstimate would probably be "1 day" for the 512-bit modulus, so $2^{40}$ (1 trillion) days for 1024-bit moduli. Of course I didn't use actual performance numbers (so no proper answer).
$endgroup$
– SEJPM♦
May 26 at 14:56
$begingroup$
Would you please tell me where or by which formula did you get 2^{80}?
$endgroup$
– R1w
May 26 at 19:26
1
$begingroup$
it's basically rounded from crypto.stackexchange.com/a/8692/24949
$endgroup$
– Z.T.
May 26 at 19:38
2
$begingroup$
What CPU family? What clock speed? How much RAM?
$endgroup$
– forest
May 26 at 23:20
1
$begingroup$
@R1w Sure, but precise hardware information is necessary to make accurate estimates. However you should assume that RSA 1024 can be broken with sufficient computing power (whether a huge number of consumer PCs or a specialized ASIC).
$endgroup$
– forest
May 27 at 8:15