-----BEGIN PGP SIGNED MESSAGE----- Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit To: cypherpunks@toad.com Date: Fri Aug 02 01:13:30 1996
Somebody says:
Is security provided by 1024-bit PGP key sufficient against most powerful computers that are available today? Say if smoe organization spent 10 billions of dollars on a cracking machine, would it be possible to crack the keys in reasonable time?
I'll defer to Mr. Atkin's numbers here, although I think that TLA's may have more computing power than his rough estimates. No matter what the exact numbers are, it seems that the answer is the same. 1024 bit keys appear to be secure for 1996, at least for individuals. You also have to remember that even if a 1024 bit key could be cracked for a mere [sic] million dollars, you have succeeded in making it easier for an organization to break into your house and bug your computer than crack your RSA key. Or use some other method (bribery, extortion, violence) to obtain that information.
Also, remember that although the PGP key is 1024 bits, it generates a much smaller IDEA key with 56 bits (I think... anyone?). The 56 bit key is vunerable to that $1 mil mystery machine that the NSA may or may not have.
IDEA keys are 128 bits long. (DES keys are the ones with 56 bits.) However, symmetric cryptosystems, such as IDEA, are harder to break by brute force. It is currently estimated that a 128 bit IDEA key is the equivalent of a 2304 bit RSA key. So, even though the 128 bit IDEA session key is shorter than the 1024 bit RSA key, the RSA key is easier to break using brute force. - -- David F. Ogren | ogren@concentric.net | "A man without religion is like a fish PGP Key ID: 0x6458EB29 | without a bicycle" - ------------------------------|---------------------------------------- Don't know what PGP is? | Need my public key? It's available Send a message to me with the | by server or by sending me a message subject GETPGPINFO | with the subject GETPGPKEY -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMgGOfOSLhCBkWOspAQEpzgf/Tn1gI8rjg+RxNbor9uIHMZgLWxGHcoMu WleZrgd2O/K6JNcBySpeLCVe+xgUwbdXPThLO6jP4eSwqpuNtZTLWmaU2LZond+O XIWSXRzEcvdFPoFISDpxLyLEJtZu122bc1xdlI8zhbO2CqeOcJmJ47WAaTul3wg7 MIyl7zZAvrXrzZ8ByYTpoG7C5d11kEeKCLw7ObxYXCaXXhWFphbxO8Kq3/C597H1 rb9cRu2zyt5OmN1ySMifTbrfMJvkeb9cNsSijv3q5m+ciIX5DKoH07kO82RxjT98 ndpyGbZkbZLWjKvDeNvrh2EtJRV6mfOIIZr2zaQyuyKlYmoP+VKuDA== =QN4L -----END PGP SIGNATURE-----