[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2047 bit keys in PGP



Laszlo Vecsey <[email protected]> said:

LV> Are you sure it's a bug in the DOS version? When I did a pgp -kg in
LV> my UNIX shell (US version 2.6.2) I also entered 2048 bits and it too
LV> created a 2047 bit key instead.

	I had heard elsewhere that there was such a bug.  My mistake,
then.

LV> Why is there a limit to the size of the key anyway? It's too bad PGP
LV> doesn't support any size key (within reason).

	As I understand it (which, given my previous error, is in
serious doubt), after a point the IDEA session keys become far easier to
use a brute force attack on than the RSA keypair.  Since I think that
increasing the RSA keysize is supposed to double the attack time, if a
RSA key size of N takes as much time to break as 1 IDEA key, making the
RSA key N+8 bits makes it better to break the IDEA keys of 200 messages
rather than the RSA key.

	Does anyone know if there are comparisons of estimates of the
time to break the IDEA session keys used in PGP vs time to break RSA
keys of various sizes?

-- 
#include <disclaimer.h>				/* Sten Drescher */
To get my PGP public key, send me email with your public key and
	Subject: PGP key exchange
Key fingerprint =  90 5F 1D FD A6 7C 84 5E  A9 D3 90 16 B2 44 C4 F3
Junk email is NOT appreciated.  If I want to buy something, I'll find
you.