It occurs to me that the NSA may in fact have a much easier time of cracking most encrypted messages than is generally believed by the people who use them. We can rule out the idea that they may have computers capable of solving the ciphers by a brute force key search or modulus factoring -- basically, such a computer would be at least the size of jupiter, assuming complete mastery of nanotech. Since we can't see any such objects within five or six light-days, that pretty much cooks the "near real-time solving" of ciphers. However, we are forgetting what they do have. They've got Echelon. That means all kinds of intercepts, by and about the people communicating, most of them in plaintext. They keep dossiers on people that list vital statistics like birthdate, hometown, grade school and high school classmates, parents, siblings, neighbors, organizations, etc. They've got all our goofy quotes from our usenet posts, and of course everything that anyone's said on mailing lists like this one. Since most people use passwords and passphrases that are some chunk of personal information, their system may not have to crunch very long to come up with the password used by a particular target. Security sweeps are always finding people who used, eg, their college ID number, their first girlfriend's name, the street they lived on as a kid, their parents' address, names of countries or cities or fictional or historical characters, or even ghods help us their own drivers license number or SSN as a password. The spooks tend to have all of this info in a nice cross-indexed database, so they can start guessing on something a hell of a lot easier than random keys. If the NSA is using their resources effectively, and the key generator uses an input password or passphrase instead of random numbers, they may indeed be able to crack most 2048-bit RSA messages, in near realtime, just by knowing all the details about the people who sent them. This is not an attack on the cipher, but it could have the same effect against most opponents most of the time. Witness the case of Rashael Keavy, an enterprising businesswoman of San Francisco. In San Francisco, prostitution is considered about on a par with jaywalking. Technically it's illegal, but the cops, as a matter of policy, don't bother making arrests unless there's a "real" crime, either against the pro or against the john, involved. Ms. Keavy operated a ring of "outcall" prostitutes, and unlike most people in such businesses, treated her employees very well. Paid them $50K salaries, with bennies, a four month annual vacation, and a comprehensive health plan, according to the papers that covered the arrest. Anyway, when she expanded her business to the south, she encountered San Jose, where prostitution is actually considered a crime. A few months later, when the San Jose police were trying to raise money for something or other, she was arrested. She kept her business records encrypted on a laptop, and used a good cipher, and used some kind of file wipe utility -- so the cops figured they'd have to get one of her employees to testify against her -- but her employees, describing her as "a great woman", "an american hero", and generally the best thing ever to happen to them, flatly and unanimously refused to do so. This by the way is what attracted the attention of the press. Madams rarely inspire unconditional personal loyalty. So the cops called in a "data recovery" specialist from the FBI, and her laptop yielded up its secrets in short order. Ms. Keavy is now serving five to ten. (or heck, this was a couple years ago, she may be paroled by now). TANJ. Now I don't know what happened here -- there are any number of things that could have been done wrong in securing the laptop, especially since it was done by someone whose primary business was not cryptography. She may have forgotten to erase one time. She may have erased but failed to use her file wipe utility. The file wipe utility might have been one of those wimpy naive ones that just writes zeros over a file. The OS may have swapped the encryption program into the swapfile at a moment when the key was in memory, where they could just pick it off the disk later. But, it's also plausible that they just made a copy of the encrypted files, sent them off to the Fort, and let a million dollars worth of hardware running with a dossier about her whole damn life spend a few hours guessing her passphrase. Did they break the cipher? No. Did they break the message? You betcha. Bear