From: Derek Atkins <warlord@MIT.EDU>
Date: Wed, 11 Aug 93 11:57:22 PDT
To: williacw@vuse.vanderbilt.edu (Charles Williams)
Subject: Re: How long would it take?
In-Reply-To: <9308111426.AA20884@necs.vuse>
Message-ID: <9308111854.AA00246@toxicwaste.MEDIA.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


There are a number of ways to attack a PGP (or PEM) encrypted
document.  The first, and most likely easiest, is to try to get
someone's private key.  Other attacks include attacks on IDEA (128-bit
keys) or RSA.

Its unclear what any of these attacks require, at this point.
Breaking IDEA would take a brute force attack (2^128 keys) unless
something better comes up.  Breaking RSA requires factoring the
modulus, unless something easier comes up.

I would expect that the time to factor a 1200bit modulus would be on
the order of a million years or more, even given technology upgreades
of the near-future.

I've seen a number-of-addition-bits to amount-of-extra-time-to-factor
ratio, but I don't remember what it is.  (order of magnitude per 10
decimal digits, maybe????)

Comments, suggestions, corrections, all welcome.

-derek