On Thu, Apr 22, 2010 at 3:51 AM, Andrew K. Bressen <akb+lists.netrek-dev at mirror.to> wrote:
>
> These guys didn't crack RSA (which, by the way, does not suck) at all,
> they cracked OpenSSL, by exploiting the specific way it uses RSA, and
> to do it they needed physical access to the machine that had the
> private key they were trying to steal. This is not particularly
> interesting or exciting at a practical level, since it would be much
> easier to steal the hard drive with the key on it or beat up the
> sysadmin than to rewire the power supply of the server's CPU.

Yes, but RSA has (for some keysizes) already been cracked. Up to 768-bit keysize has been successfully factored:
http://www.rsa.com/rsalabs/node.asp?id=2092

And who knows how much longer 1024-bit keys are safe:
http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now.ars

Zach