Re: PGP Distributed Attack

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Ubermensch: "Re: PGP Distributed Attack"
• Previous message: Aleph One: "PGP Distributed Attack"
• In reply to: Aleph One: "PGP Distributed Attack"
• Next in thread: Paul C Leyland: "Re: PGP Distributed Attack"

Aleph One writes:
> CYBERSPACE, 31 March 1997 - This is to announce the first truly
> distributed attack on the popular PGP encryption/authentication program.
> In 24 hours, users all across cyberspace can assist in 'factoring'
> a 1024-bits PGP public key, using a Java applet specially written by
> a team of 'cypherpunks'.

This is nearly an april fools joke.

1) The largest key thus cracked is perhaps one third that
   size. Factoring is an *exponential problem* in the size of the
   number being factored. Cracking a 1024 bit key right now would
   require far more compute power than is conceivably available.
2) Java is insanely slow. Previous cracks used highly tuned C
   code. Running the crack in Java would make it nearly impossible to
   achieve the stated result.

> Some background information: a PGP key is considered unbreakable because
> it consists of a product of two very large prime numbers. The only way
> to 'crack' the key is to find the two prime numbers. This applet does
> exactly that. Each user who downloads the applet also is assigned a
> range of numbers to try. If at least 144,000 users download the applet,
> and run it for 24 hours on a computer at least as powerful as a 486,
> the entire keyspace will be searched.

These numbers sound wildly inaccurate to me.

Perry

• Next message: Ubermensch: "Re: PGP Distributed Attack"
• Previous message: Aleph One: "PGP Distributed Attack"
• In reply to: Aleph One: "PGP Distributed Attack"
• Next in thread: Paul C Leyland: "Re: PGP Distributed Attack"