On Thu, Apr 22, 2010 at 3:51 AM, Andrew K. Bressen
<akb+lists.netrek-dev at mirror.to> wrote:
>
> These guys didn't crack RSA (which, by the way, does not suck) at all,
> they cracked OpenSSL, by exploiting the specific way it uses RSA, and
> to do it they needed physical access to the machine that had the
> private key they were trying to steal. This is not particularly
> interesting or exciting at a practical level, since it would be much
> easier to steal the hard drive with the key on it or beat up the
> sysadmin than to rewire the power supply of the server's CPU.

Yes, but RSA has (for some keysizes) already been cracked.

Up to 768-bit keysize has been successfully factored:
http://www.rsa.com/rsalabs/node.asp?id=2092

And who knows how much longer 1024-bit keys are safe:
http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now.ars


Zach