From: futplex@pseudonym.com (Futplex)
Date: Thu, 4 Jan 1996 07:46:40 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: 2047 bit keys in PGP
In-Reply-To: <55zqc557z8.fsf@galil.austnsc.tandem.com>
Message-ID: <199601032300.SAA15180@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Sten Drescher writes:
> Since I think that
> increasing the RSA keysize is supposed to double the attack time, if a
> RSA key size of N takes as much time to break as 1 IDEA key, making the
> RSA key N+8 bits makes it better to break the IDEA keys of 200 messages
> rather than the RSA key.
> 
> Does anyone know if there are comparisons of estimates of the
> time to break the IDEA session keys used in PGP vs time to break RSA
> keys of various sizes?

Off the top of my head, the figure I have usually heard quoted puts RSA at
about 100 times slower than your average symmetric key algorithm. So ignoring
key setup, I would expect an extra factor of 100 in the brute forcing time
for RSA over IDEA. 

I don't believe it's worth spending much time worrying about your RSA
key size. If you pick some decent size (1-2k), it's likely that RSA itself
will have been broken, or your key compromised by some other means, before
any direct brute force attack will succeed. 

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMOsKNCnaAKQPVHDZAQHIRgf/ZS29BnGaZ60PeMlhIoniETAtI2VYNstM
yFV6tl5w1Kzu9Q2TcJk/tdpW9QVbWOrB2IMdELBrk1urcYBS6YUBXcAlI7UhinA9
sapoZpz3WUCnRdb/64HkGFsOYgEVyVjsrrmu+M2RUUNRnOwWSS0KFAz8GYqj83ry
xSpvrRNJPqCNARBsh9VPKgrRS1qNH5Zc1Tyu5Dr/E3OiQkzVCqHhQYYDj/PCESLL
Y1Sly6n133Jq8J3TWoXAzeNKAOwy4tLz6TFn63OgbfcnTp1hndsMlIwCN3tzn9el
T7b4LBMeVq2hXVkmotE0BURW7Phuckpmk1Xiow3vBXFMRxWPFz6lOg==
=Njig
-----END PGP SIGNATURE-----