From: "David F. Ogren" <ogren@cris.com>
Date: Fri, 2 Aug 1996 20:13:34 +0800
To: cypherpunks@toad.com
Subject: Re: Is 1024-bit PGP key enough?
Message-ID: <199608020517.BAA12270@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain

-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: cypherpunks@toad.com
Date: Fri Aug 02 01:13:30 1996
>Somebody says:
>>> Is security provided by 1024-bit PGP key sufficient against 
most powerful
>>> computers that are available today? Say if smoe organization spent
 10
>>> billions of dollars on a cracking machine, would it be possible to
 crack 
>>> the keys in reasonable time?

I'll defer to Mr. Atkin's numbers here, although I think that TLA's may 
have more computing power than his rough estimates.  No matter what the 
exact numbers are, it seems that the answer is the same. 1024 bit keys 
appear to be secure for 1996, at least for individuals.

You also have to remember that even if a 1024 bit key could be cracked for 
a mere [sic] million dollars, you have succeeded in making it easier for an 
organization to break into your house and bug your computer than crack your 
RSA key. Or use some other method (bribery, extortion, violence) to obtain 
that information.

> Also, remember that although the PGP key is 1024 bits, it generates a
>  much
> smaller IDEA key with 56 bits (I think... anyone?).  The 56 bit key is
> vunerable to that $1 mil mystery machine that the NSA may or may not
>  have.
>  

IDEA keys are 128 bits long. (DES keys are the ones with 56 bits.) However, 
symmetric cryptosystems, such as IDEA, are harder to break by brute force. 
It is currently estimated that a 128 bit IDEA key is the equivalent of a 
2304 bit RSA key.

So, even though the 128 bit IDEA session key is shorter than the 1024 bit 
RSA key, the RSA key is easier to break using brute force.

- --
David F. Ogren                |
ogren@concentric.net          | "A man without religion is like a fish
PGP Key ID: 0x6458EB29        |  without a bicycle"
- ------------------------------|----------------------------------------
Don't know what PGP is?       | Need my public key?  It's available
Send a message to me with the | by server or by sending me a message
subject GETPGPINFO            | with the subject GETPGPKEY
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMgGOfOSLhCBkWOspAQEpzgf/Tn1gI8rjg+RxNbor9uIHMZgLWxGHcoMu
WleZrgd2O/K6JNcBySpeLCVe+xgUwbdXPThLO6jP4eSwqpuNtZTLWmaU2LZond+O
XIWSXRzEcvdFPoFISDpxLyLEJtZu122bc1xdlI8zhbO2CqeOcJmJ47WAaTul3wg7
MIyl7zZAvrXrzZ8ByYTpoG7C5d11kEeKCLw7ObxYXCaXXhWFphbxO8Kq3/C597H1
rb9cRu2zyt5OmN1ySMifTbrfMJvkeb9cNsSijv3q5m+ciIX5DKoH07kO82RxjT98
ndpyGbZkbZLWjKvDeNvrh2EtJRV6mfOIIZr2zaQyuyKlYmoP+VKuDA==
=QN4L
-----END PGP SIGNATURE-----