From: Derek Atkins <warlord@MIT.EDU>
Date: Tue, 1 Feb 94 12:45:27 PST
To: dwomack@runner.jpl.utsa.edu (David L Womack)
Subject: Re: PGP
In-Reply-To: <9402011949.AA18718@runner.utsa.edu>
Message-ID: <9402012041.AA12750@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain


Well, I don't know exactly how many calculations are necessary,
but I've seen some posts that have given general numbers...

Let me give some examples to try to answer your question.
Currently, we estimate about 2500 MIP-years have gone into
trying to factor RSA129 (about 425 bits).  We estimate we
are about 60% through... The whole project taking about 5000 
MIP-years.

Figure that every ten decimal digits adds one order of magnitude. 
So, a 512-bit (~155-digit) key would require about 5e7 MIP-years.  
And a 1024-bit key would require approximately 5e22 MIP-years.  
(These are approximations -- please do not quote these numbers).

Brute-forcing IDEA takes about as much computation as factoring
something between a 1200 and 3000 bit RSA key (I've heard both
numbers, but I don't know the numbers).  So, in the current
implementation, RSA is the weak link!

Since the passphrase is just a hash to an IDEA key, breaking the
secret ring is as hard as either dictionary attacking the key, or
breaking IDEA, which is harder than factoring the RSA key, given
current knowledge about the algorithms.

I hope this answers your questions.  If someone has real numbers
to put in here, please update mine!

-derek