1995-01-19 - Re: Factorisation and Discrete Logs

Header Data

From: mpd@netcom.com (Mike Duvos)
To: cypherpunks@toad.com
Message Hash: 19a175bc06fa2547ce17a9184cb0b8a19c65657128e4ef99daee87e67c7aecda
Message ID: <199501190440.UAA28769@netcom5.netcom.com>
Reply To: <9501190357.AA12988@toxicwaste.media.mit.edu>
UTC Datetime: 1995-01-19 04:50:57 UTC
Raw Date: Wed, 18 Jan 95 20:50:57 PST

Raw message

From: mpd@netcom.com (Mike Duvos)
Date: Wed, 18 Jan 95 20:50:57 PST
To: cypherpunks@toad.com
Subject: Re: Factorisation and Discrete Logs
In-Reply-To: <9501190357.AA12988@toxicwaste.media.mit.edu>
Message-ID: <199501190440.UAA28769@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

Derek Atkins <warlord@MIT.EDU> writes:

 > You are right...  Given talks Ive had with Brian LaMacchia,
 > who broke a version of "Secure SunRPC" (a 192-bit prime), he
 > claims that the difficulty is reducing a D-L problem is
 > about the same amount of computation to factorize an RSA
 > modulus of approximately the same size..

Although DH and RSA are believed to be of approximately equal
difficulty given the same number of bits, DH is additionally
vulnerable because system designers usually publish an "official"
modulus and primitive root for everyone to use, whereas in RSA,
everyone has their own key.

To mount an attack on PGP, for instance, you must factor a key
for each person whose privacy you wish to compromise.  Breaking
Sun's published 192 bit DH modulus instantly broke SunRPC on all
machines using the protocol.  The latter was a lot less work than 
the former.

     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $