Date: Jan 4, 2013 7:04 AM
Author: David Bernier
Subject: Re: Is  factorization of big primeproducts a solved problem YET?

On 01/04/2013 12:01 AM, JT wrote:
> Does the RSA challenges have a given time complexity of factoring the
> primeproduct, or did they have one that changed during resent years?


The RSA challenge numbers are still available somewhere.
The contests for prize money has been discontinued.

I think many remain unfactored, as far as the general
public knows, i.e. outside cryptologic agencies and
government cipher schools.

They would deliberately choose n = p*q, p, q odd primes
with the digit length of p and q being about half that
of the composite number `n'. Other criteria were involved
to exclude the existence of so-called weak prime factors,
meaning those where a kown deterministic algorithm could do
a lot better than average, roughly speaking.

512-bit composites are now old hat. 512+256 = 768.
768-bit composites aren't exactly old hat, but for some
applications, private RSA keys should last 5 years or more,
preferably against millionaire or billionaire enemies.

AFAIK, 2048-bit composites are deemed to be secure
against lots of folk for a dozen years or more, something
like that.

I don't see many <= 1024-bit public keys in SSL
certificates ...



dave