1994-01-21 - RSA IS the weak link in PGP

Header Data

From: mpjohnso@nyx10.cs.du.edu (Michael Johnson)
To: cypherpunks@toad.com
Message Hash: e285999c9f5676141cd3a994676f65ee0940a1073f3308e21296658d9e26a083
Message ID: <9401212136.AA02490@nyx10.cs.du.edu>
Reply To: N/A
UTC Datetime: 1994-01-21 21:51:33 UTC
Raw Date: Fri, 21 Jan 94 13:51:33 PST

Raw message

From: mpjohnso@nyx10.cs.du.edu (Michael Johnson)
Date: Fri, 21 Jan 94 13:51:33 PST
To: cypherpunks@toad.com
Subject: RSA IS the weak link in PGP
Message-ID: <9401212136.AA02490@nyx10.cs.du.edu>
MIME-Version: 1.0
Content-Type: text/plain



>    ...the IDEA encryption algorithm used in PGP is actually
>    MUCH stronger than RSA given the same key length.  Even with a 1024 bit
>    RSA key, it is believed that IDEA encryption is still stronger, and,
>    since a chain is no stronger than it's weakest link, it is believed that
>    RSA is actually the weakest part of the RSA - IDEA approach.
>
>Confirmation?

This is true.  To equal the strength of a 128 bit IDEA key, the RSA key would
have to be about 3,000 bits long.  This is because EVERY 128 bit number (except
maybe a small number of weak keys) is a good IDEA key, but only specially 
selected large numbers work well for RSA keys.  Of course, I'm not really
concerned that you will factor my 1024 bit RSA modulus by tomorrow morning :).






Thread