At 12:51 AM 4/15/96, Jim Gillogly wrote:

mpd@netcom.com (Mike Duvos) writes:

...

one? Also, a ballpark guess of how this result extrapolates to the MIPS years required to factor a 512 bit PGP key would probably be of interest to all.

I don't have a good guess for this, but Arjen did say that the cost to break RSA-130 was a fraction of what it cost to break RSA-129 because of the improved algorithm, so I'd guess we'll find out soon. The next target of the consortium is planned to be RSA-155, I believe, which is above 512 bits; that means skipping RSA-140 to go for the one with the higher psychological value. While 512-bit PGP keys are interesting to Cypherpunks, other 512-bit RSA keys are vitally important to some banks.

Also, note that 512 bits is the current exportable limit for RSA encryption. - Tim Tim Dierks -- timd@consensus.com -- www.consensus.com Head of Thing-u-ma-jig Engineering, Consensus Development