1994-03-23 - Re: Breaking RSA

Header Data

From: Derek Atkins <warlord@ATHENA.MIT.EDU>
To: fhalper@pilot.njin.net (Frederic Halper)
Message Hash: 418950f5e0838bbb008863bd0c30a8497e9e0d978fe81a8eeebfffc0aa117d64
Message ID: <199403230018.TAA07792@charon.MIT.EDU>
Reply To: <9403222353.AA21586@pilot.njin.net>
UTC Datetime: 1994-03-23 00:18:51 UTC
Raw Date: Tue, 22 Mar 94 16:18:51 PST

Raw message

From: Derek Atkins <warlord@ATHENA.MIT.EDU>
Date: Tue, 22 Mar 94 16:18:51 PST
To: fhalper@pilot.njin.net (Frederic Halper)
Subject: Re: Breaking RSA
In-Reply-To: <9403222353.AA21586@pilot.njin.net>
Message-ID: <199403230018.TAA07792@charon.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain


As one of the people quoted in the article.....

You read it wrong.  Go read the article again.  "RSA129" is close to
being broken.  This is only a *SINGLE* RSA modulus.  There are an
infinite number of them.  We are about to crack only one.  It's taken
us 8 months of work, so far, and this is only about 420 bits.
Factoring is an exponential problem, so adding a small number of bits
will greatly increase the amount of time needed to factor it.

So, to answer your questions:

a) It will prove that the 384-bit (casual-grade) PGP key is not safe,
and that a 512-bit key is still somewhat safe, and that a 1024-bit key
is still very safe!

b) Yes, there are some governmental agencies helping with the
factoring.  For example, I've seen mail come in from lbl.gov, and a
bunch of nasa sites, and probably a number of others.  But they are
only helping factor *THIS ONE NUMBER*.  Data for this can only be used
to help factor multiples of RSA129, but it will not help factor any
other RSA modulus.

I hope this answers your questions, and hopefully clears up a lot of
misconceptions you clearly had when asking your questions.  (I hope
that many others didn't come to the same conclusions when reading that
article -- I know that I didn't, but then again, I know what's going on
;-)

-derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
         PGP key available from pgp-public-keys@pgp.mit.edu
            warlord@MIT.EDU       PP-ASEL        N1NWH
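
Added example, not part of the original message: a toy Python illustration of point (b), that relation data gathered for one modulus does not carry over to another. It uses Dixon's random-squares method as a simplified stand-in for a real sieving effort; the moduli, the factor base and every function name are constructed for this illustration.

```python
from itertools import combinations
from math import gcd, isqrt

PRIMES = [2, 3, 5, 7, 11, 13]  # toy factor base (constructed)
N = 84923                      # toy modulus being attacked, 163 * 521 (constructed)
OTHER = 87463                  # unrelated toy modulus, 149 * 587 (constructed)

def exponents(v):
    """Exponent vector of v over PRIMES, or None if v is not smooth."""
    exps = []
    for p in PRIMES:
        e = 0
        while v and v % p == 0:
            v, e = v // p, e + 1
        exps.append(e)
    return exps if v == 1 else None

def collect_relations(n, span=2000):
    """The 'data': x with x^2 mod n smooth, i.e. x^2 = prod p^e (mod n)."""
    start = isqrt(n) + 1
    found = ((x, exponents(x * x % n)) for x in range(start, start + span))
    return [(x, e) for x, e in found if e is not None]

def smooth_side(exps, m):
    """prod p^e reduced mod m."""
    out = 1
    for p, e in zip(PRIMES, exps):
        out = out * pow(p, e, m) % m
    return out

def holds_mod(rel, m):
    """Does a relation (x, exps) still hold as a congruence modulo m?"""
    return rel[0] ** 2 % m == smooth_side(rel[1], m)

def factor_with(rels, n):
    """Find relations whose exponents sum to even, giving x^2 = y^2 (mod n)."""
    for k in (1, 2, 3):
        for subset in combinations(rels, k):
            total = [sum(col) for col in zip(*(e for _, e in subset))]
            if any(t % 2 for t in total):
                continue
            x = 1
            for xi, _ in subset:
                x = x * xi % n
            y = smooth_side([t // 2 for t in total], n)
            g = gcd(x - y, n)
            if 1 < g < n:
                return g
    return None
```

Calling `factor_with(collect_relations(N), N)` returns a prime factor of `N`, while `holds_mod(r, OTHER)` is false for every collected relation, so the same data yields no congruence of squares modulo `OTHER`.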





