Breaking RSA

Derek Atkins warlord at ATHENA.MIT.EDU
Tue Mar 22 16:18:51 PST 1994


As one of the people quoted in the article.....

You read it wrong.  Go read the article again.  "RSA129" is close to
being broken.  This is only a *SINGLE* RSA modulus.  There are an
infinite number of them.  We are about to crack only one.  It's taken
us 8 months of work, so far, and this is only about 420 bits.
Factoring is an exponential problem, so adding a small number of bits
will greatly increase the amount of time needed to factor it.

So, to answer your questions:

a) It will prove that the 384-bit (causal-grade) PGP key is not safe,
and that a 512-bit key is still somewhat safe, and that a 1024-bit key
is still very safe!

b) Yes, there are some govermental agencies helping with the
factoring.  For example, I've seen mail come in from lbl.gov, and a
bunch of nasa sites, and probably a number of others.  But they are
only helping factor *THIS ONE NUMBER*.  Data for this can only be used
to help factor multiples of RSA129, but it will not help factor any
other RSA modulus.

I hope this answers your questions, and hopefully clears up a lot of
misconceptions you clearly had when asking your questions.  (I hope
that many others didn't come to the same conclusions when reading that
article -- I know that I didn't, but then again, I know whats going on
;-)

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
         PGP key available from pgp-public-keys at pgp.mit.edu
            warlord at MIT.EDU       PP-ASEL        N1NWH







More information about the cypherpunks-legacy mailing list