ietf-openpgp

Re: how to specify "trust no signatures over hash X from this key"?

2009-05-23 06:28:25

On 23/5/09 01:24, Lionel Elie Mamane wrote:
> On Wed, May 06, 2009 at 12:27:13AM +0200, Ian G wrote:
>
>> The predictions of the end of the world are premature.  Note that nobody
>> has stolen money through an MD5 as yet, and nobody has stolen money
>> because of an RSA-512, either.
>
> Maybe, but people have stolen money because of "too small RSA"
> keys. It was RSA-320, not RSA-512. According to my sources, up to and
> including in the year 2007 (I don't know when it was stopped or
> whether it was). Because the debit card of the Swiss PostFinance was
> using RSA-320 for authentication. As was the whole debit / credit card
> system in France until the early 21st century; it seems there were
> cases of theft up to 2001 in France.
>
> France:
>   http://www.parodie.com/monetique/breveyescard_porteur_21112001.htm
>   http://www.parodie.com/monetique/
>
> Switzerland:
>   http://events.ccc.de/congress/2006/Fahrplan/events/1775.en.html
>   http://www.postcard-sicherheit.ch/
>   http://chaostreff-zh.tuners.ch/Pestcard


Well, this is an important benchmark, if it indeed happened.

The questions would be: was the RSA cracked, or was it something else that failed? Or a combination of things? What's with the 320 number?

Secondly, was money stolen because of this? I noticed that CCC is in those links, and that indicates more of a "demo" quality.

Unfortunately my French & German isn't up to it, often a problem when results come from other countries.

iang