RSA IS the weak link in PGP
Michael Johnson
mpjohnso at nyx10.cs.du.edu
Fri Jan 21 13:51:33 PST 1994
> ...the IDEA encryption algorithm used in PGP is actually
> MUCH stronger than RSA given the same key length. Even with a 1024 bit
> RSA key, it is believed that IDEA encryption is still stronger, and,
> since a chain is no stronger than it's weakest link, it is believed that
> RSA is actually the weakest part of the RSA - IDEA approach.
>
>Confirmation?
This is true. To equal the strength of a 128 bit IDEA key, the RSA key would
have to be about 3,000 bits long. This is because EVERY 128 bit number (except
maybe a small number of weak keys) is a good IDEA key, but only specially
selected large numbers work well for RSA keys. Of course, I'm not really
concerned that you will factor my 1024 bit RSA modulus by tomorrow morning :).
More information about the cypherpunks-legacy
mailing list