From: Raymond Paquin Area: Public Key Encryption To: Chris Adams 6 Mar 95 12:18:26 Subject: RSA beaten... sorta. UpdReq CA> Seems ominous, but it's not. As others have CA> explained, just use a 2048 CA> bit key, because EACH bit doubles the time needed. Also, volume makes CA> anything approaching realtime decryption impossible for more than a CA> message or two... Not quite true: each *10* bits doubles the time required to factor the modulus. This corresponds roughly to 3 decimal digits. Thus, adding 30 decimal digits doubles the time 10 times, ie: multiplies the time required by a factor of 2^10 or 1024. Ciao... 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Chris Adams 5 Mar 95 08:03:00 Subject: RSA beaten... sorta. UpdReq -----BEGIN PGP SIGNED MESSAGE----- CA>> JB> 512 bit modulus schemes ARE breakable by anyone willing to spend a CA>> JB> couple million for the hardware, and able to wait a couple months. CA>> Seems ominous, but it's not. As others have explained, just use a 2048 Bit here's the rub... until now, a factoring attack against RSA was just theory. Generally, estimates of time it would take someone to recover plaintext are based on brute force attacks because the problem of factoring large numbers was thought to be more complex. The security of RSA depends entirely on the inability of your "opponent" to factor large numbers. Both the public and private keys are functions of two large, prime numbers, and cracking RSA depends on factoring the product of these two large primes. The new attack has already reduced theoretical years (even for a 512 bit key) to a couple months. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBL1m2kOkStfMM4BMZAQH19gQAs4B6HeJFvoFGNetlBrfD4+ebToCcp+ak FRa5IfI5u/v2btGJ0I6oXfmolulOSTZJZp5ZLx9WCnOZoA0qqAoeevBdPfUVeISq QRLUqh/Atn1HSGTMAO0QfHfETuVzF3YnuMnbqJxTckmFF5fSPjbheqDWjX8vNSSG /08WAlE1xbc= =pNOD -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: Shawn Mcmahon 5 Mar 95 16:06:00 Subject: Quotes as passphrase UpdReq -----BEGIN PGP SIGNED MESSAGE----- SM>> JB> FWIW, computers are incapable of generating ANYTHING random. ;) SM>> I think you need to read a good cryptography text, and learn the differenc I've read a few of'em. SM>> between randomness, Shannon randomness, and nonrandomness. Computers are purely deterministic tools. You put something in one end, completely predictable results come out the other. There's a finite number of states in which a computer can exist. Correct me if I'm wrong, but Shannon's ultimate test for randomness is compressibility... truly random sequences can not be compressed. No computer known to man can produce uncompresses number sequences, but with a little help they CAN produce number sequences with periods large enough to be cryptographically secure. Here's a test... Why does PGP require the user to "enter some random text" during key generation?? Why is it necessary to measure the time interval between keystrokes??? SM>> I will say this; so far, *NONE* of the references people have been quoting SM>> as "references that show that TEMPEST shielding is meant to block RAM and Then you've either read none of them, or fail to see the simple truth that tempest is implemented as a cross between the secure and the practical. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBL1onwOkStfMM4BMZAQEzpwP/Wwr3VwM5is0nnBOIYTrhKsS8uIWz79fw rtrWqTNMP0M4XEgLaqdxRuB0Pl0Y80v+saw5jIhAXK8PLHYCw1y1k1WfBSbV4FZY VHBXBtgmvNyugKaO84o5TD+Hsa2tXug0uvWncQcca0FY9XPnoK79Xw6ZAx36xNQU ulZGLdgojh8= =SEfV -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718 From: Jeffrey Bloss Area: Public Key Encryption To: All 5 Mar 95 16:33:00 Subject: One Step Closer... :( UpdReq -----BEGIN PGP SIGNED MESSAGE----- This from Dr. Dobb's Developer Update V.2 #3... In my own words. :) PRZ's lawyers finally had the chance to meet with US Government attorneys. The government is ready to precede with an indictment that could cost Phil 10 years and/or $1 million. The question at hand is the internet distribution of PGP and it's violation of export law. This case is going to have some RESOUNDING effects on the internet. I fear none of them good. :(( -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: -=[ Privacy Through Random Acts Of Encryption ]=- iQCVAwUBL1ouAukStfMM4BMZAQGOxQP/d0gu0ZC9ZBZcXPF7MI8hyHv7+2oMPjst 7M1eLGw/YGJdg08Y7+TeUd6h+Wv7KOjbMo4EdlnRaA6rDl5afLhEQ7aUHprFstUS bOb/XAAF5CT9m6343lyRkPGWvg/PRd0m0TDR//b3bGXHrHeFnBTCthP+nj0VkBzW PJWVbjWb5x4= =AK+1 -----END PGP SIGNATURE----- jbloss@meadville.com -=- 1:2601/551.0 -=- ->5317 PGP v2.6.2 public encryption key available by request. 201434369420143436942014343694201434369420143436942014343694718