On 01/04/2013 12:01 AM, JT wrote: > Does the RSA challenges have a given time complexity of factoring the > primeproduct, or did they have one that changed during resent years?
The RSA challenge numbers are still available somewhere. The contests for prize money has been discontinued.
I think many remain unfactored, as far as the general public knows, i.e. outside cryptologic agencies and government cipher schools.
They would deliberately choose n = p*q, p, q odd primes with the digit length of p and q being about half that of the composite number `n'. Other criteria were involved to exclude the existence of so-called weak prime factors, meaning those where a kown deterministic algorithm could do a lot better than average, roughly speaking.
512-bit composites are now old hat. 512+256 = 768. 768-bit composites aren't exactly old hat, but for some applications, private RSA keys should last 5 years or more, preferably against millionaire or billionaire enemies.
AFAIK, 2048-bit composites are deemed to be secure against lots of folk for a dozen years or more, something like that.
I don't see many <= 1024-bit public keys in SSL certificates ...