re: a question about the security of RSA This question is better asked in sci.crypt, since it involves technicalities of number theory that are not in the purview of this list. Eric

Derek Atkins says:

Breaking IDEA would take a brute force attack (2^128 keys) unless something better comes up.

Its generally unwise to make the assumption that the only possible attack on your conventional scheme is a brute force attack. Certainly the attacks used on many previous generations of cryptosystems were never brute force -- and certainly every generation of naive cryptographer has said "well, using brute force it would take N years to break my cypher". A simple vingenere cypher with a 12 letter key would seem to be very strong indeed (stronger than DES), and yet we know you can break one in a few moments because there are better attacks than brute force. We have suprisingly little in the way of general theory on what would or would not make a conventional cryptosystem strong. Certainly differential cryptanalysis will not be the last thing people come up with. Until we know everything the NSA knows, I will be hesitant to say "unless something better comes up" and more comfortable saying "until something better comes up." Perry