TIP: Click on subject to list as thread! ANSI
echo: norml
to: RICH WOODS
from: LEE BONNIFIELD
date: 1996-07-07 03:47:00
subject: PGP is NOT broken!
-----BEGIN PGP SIGNED MESSAGE-----
Hope you don't mind me reviving this thread. If you know something
that has not appeared on the PUBLIC_KEYS echo (or I missed it there)
I'd like more info.
But I think you're wrong! And it is a critical issue.
IF you're wrong, the effect of your post would be like the
moderator of PUBLIC_KEYS posting that marijuana causes hair loss or
something equally unsupported.
 RW> To: Karl Wahlberg & Phil Pattengale 22-26 Jun 96  Re: WOPEEEE! (FWD)
 KW> Digital cash transactions don't have to invade your privacy any
 KW> more than writing public messages encrypted with PGP.
 RW> If you don't control the computers you have no privacy.
 KW> Not with public key encryption. Privacy is never compromised.
 RW> If you are talking about PGP, I believe a 1024 bit encryption key
 RW> WAS broken by a student using 12-14 SPARC workstations - took 10-14
 RW> days but it was broken.
 PP> I think you're remembering a key being broken, but as far
 PP> as I know, it was about 128 bits, not 1024.
 RW> I'll have to try and find it - I know is was much higher than the
 RW> "average" range the gov't was expecting.
Did you find any reference to a 1024 bit key being broken? I doubt it.
The last key attack I remember happened in April '94, when students
at MIT (Derek Atkins, et al -- actually I think Bellcore scientist
Arjen Lenstra led the project) announced that they had solved a puzzle
posed in Scientific American in 1977. This was an example in one of
the first articles explaining public key encryption. It required
finding the two prime factors of a 129 digit number.
   "The sieving step took approximately 5000 mips years, and was
    carried out in 8 months by about 600 volunteers from more than 20
    countries, on all continents except Antarctica."
Solving this problem involving 129 decimal digits is approximately the
same as cracking a PGP message which used a 428 bit key. But this did
not reveal a hole in PGP security; the amount of computation they had
to do is about the level of difficulty that had been predicted. So
that CONFIRMS expectations that even a 512 bit key is ridiculously
secure.
I'm not sure about the math, but Raymond Paquin and Jim Bell
extrapolated in PUBLIC_KEYS:
 RP> Adding three digits to the number rougly doubles the time
 RP> required to factor the product of two prime numbers.
 RP> Adding three digits 10 times (30 digits) will therefore 
 RP> multiply the time required by 1000
 JB> Suppose the NSA has the computing capability to decrypt a 129-digit
 JB> RSA key (the size recently decrypted by Bellcore) per day; that is
                                                       ^^^^^^^
 JB> equivalent to a single 512-bit key decrypted in 325 days.
My guess -- with the fastest computers NSA can get their hands on
TODAY, it is still utterly impossible for them to crack a 512 bit key
in less than a few months. They would have to care about a message a
LOT to make that worthwhile. And for years, PGP has allowed you to use
1024 bit keys, which would require Star Trek computers to factor in a
lifetime. The current version (2.6.2) allows 2048 bit keys.
And remember, if NSA devotes their whole computer bank all year to
cracking one key, all they have got then is one MESSAGE. (I think.) It
will take them as long again to crack a second message from the same
person. A successful brute force search for factors is NOT a break of PGP.
The reason I think it is important to correct the record on this is
that the ONLY weapon the FBI has so far to keep people from using PGP
is getting people like you to spread false rumors (assuming you're
wrong) about its vulnerability. The more people who routinely use it
today, while it is still legal for written communications (and for
voice calls with PGPFone), the harder it will be for the FBI to get it
outlawed. They can NOT break it!
Your "right" to privacy is wishful thinking if others choose to ignore
it, but your POWER of privacy is mathematically protected with PGP. If
you can't find any references for a 1024 bit key being cracked (or ANY
key bigger than 428 bits), please withdraw the rumor.
Oh yeah, marijuana does NOT cause hair loss. :-)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMd9m7nuIUHvCYAgdAQEm0wQAzYDnxxVGbGMIL87ped7BhX+rQJJY1EIs
zPHiZhtSE6HcL1JO6V8sptzoLGOewd6yWKfBLDb2ggCHupZLGEMGPwsGGWQn66hL
bhODiRPFbkJWOMp0qQfQ1WpAXH+AU/nlv27obCNbLNt7fygFumwu8Z7/JmIzqtKh
9fKWhdyS8Nc=
=Avt9
-----END PGP SIGNATURE-----
--- PPoint 2.00
---------------
* Origin: Home of TV Agent (1:3615/50.1)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.