From: "Robert A. Costner" <pooh@efga.org>
Date: Mon, 9 Jun 1997 07:19:56 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: PGP Key generation
In-Reply-To: <199706082051.VAA05211@server.test.net>
Message-ID: <3.0.2.32.19970608190515.007152dc@mail.atl.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

I have a question for any of you that may know the answer.  This is for a 
paper I am giving to the Social Security Administration on Tuesday, so I 
would appreciate any answer I get.

If I generate a personal PGP keypair on some machine it takes a specific 
period of time to do the intensive calculations, let's assume ten minutes for 
this example.  If I needed 10,000 such individual keyspairs for a unspecified 
authentication attack, does this have to take 10,000 times 10 minutes (over 
two months with this CPU), or is there a faster way to generate a large 
number of keypairs to appear to be a large number of people.

The larger question is since 10,000 unique written signatures seems to 
indicate that 10,000 unique individuals exist, would 10,000 unique PGP 
signatures also seem to indicate that these are not from the same person?


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQBVAwUBM5s6qEGpGhRXg5NZAQG0ywIAwM3EOYMTvpxZEJqpsEqGvdAGA35Tjv0I
ODzAbs/aoSQ6KWMwmw306GOvfSCGBQDgw5QJ/0ENxFwb+1OFkcA2BQ==
=hVvI
-----END PGP SIGNATURE-----

  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key