Network Computingwww.networkcomputing.com

Bernstein's paper discusses implementing specialized hardware to be used in "number field sieve factoring," a method used to factor encryption keys based on large prime numbers. Most companies couldn't afford to implement the hardware -- predicted costs range upward of $1 billion. But large government organizations -- local and foreign -- have the resources to fabricate the specialized computer chips and the desire to crack 1,024-bit keys.

At the Financial Cryptography Conference earlier this year, NCipher's CTO Nicko van Someren announced that his team was able to factor 512-bit keys in six weeks -- a very short amount of time in the cryptography world -- using conventional office PCs. If your data will remain sensitive for the next 20 years, being able to find the encryption key within even six months is a big problem.

Exactly how does all this factor (pun intended) into your organization? You need to determine your current key sizes, encryption needs and practices, and start planning for migration now -- don't wait for the bomb to drop and crack your keys. When you start your migration, begin by figuring out how sensitive your data is and the life span of that sensitivity. Those answers will tell you what size keys you need to protect your data. For instance, consider using something stronger than a 1,024-bit key if you want your data to be protected beyond the year 2010. Today's standards also deem 56-bit "symmetrical" keys (ˆ la DES) and 512-bit "asymmetrical" RSA keys weak if your data's life span is longer than a day or two.