Still sounds pretty safe so far... if it really takes at least 20,000 times as long to crack a 1024 bit modulus, then it would still take the 7400 C.E. (Cray Equivalent) computer 24 years to crack a 1024 bit number. BUT, the biggest worry is that no one knows how good the NSA's factoring algorithms are. I read recently that the NSA is the world's largest employer of mathematicians. The relative improvement in factoring algorithms since the
Not to attack Doug's point, which has validity here (that we don't know what factoring advances NSA may have made), but I personally think the combined capabilities of "public domain mathematicians" are now far greater than what NSA has. Shamir, Odlyzko, Blum, Micali, Rackoff, Goldwasser, Solovay, Berlekamp, etc., are top-flight researchers, publishing many papers a year on these topics. It is unlikely that some GS-14 mathematicians at the Fort, not able to publish openly, have made much more progress. I think the resurgence of crypto in the 70s, triggered by public key methods and fueled by complexity theory breakthroughs, caused a "sea change" in inside NSA-outside NSA algorithm expertise.
I disagree with this, and I would cite as a case in point the fact that differential cryptanalytic attacks were not "discovered" until 1990 while a relatively small team of IBM cryptologists had it back in 1974 when they made DES. NSA apparently had it before then. This is why I would rather find a fast secure multiple DES method based on splitting and not have to use IDEA, which is so new. Before I was born, NSA knew all of these things which were not figured out by the academic community until this decade. (Of course they could also know of some sort of back door, but I think that the fact that NSA knew of differential cryptography and let an algorithm immune to it pass while they lowered the key size says something about DES's security against attacks the academic community hasn't figured out yet.) The bottom line is that NSA has demonstrated that they can outperform academia without public reviews of their method (LEAFs aside for the moment [government agencies are after all required to do several stupid things each year]).

Cheers, JWS