Re: Non-PK encryption not vulnerable via low key length?!

Software Test Account (softtest@wu1.wl.aecl.ca)
Thu, 16 Mar 1995 22:36:41 -0600 (CST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Valdis.Kletnieks@vt.edu: "Re: safe logging xterm"
Previous message: Anonymous the XXIIV: "Re: Cancel Subscription"
In reply to: That Whispering Wolf...: "Re: Non-PK encryption not vulnerable via low key length?!"
Next in thread: Adam Shostack: "Re: Non-PK encryption not vulnerable via low key length?!"

On Thu, 16 Mar 1995, That Whispering Wolf... wrote:

> > > Correct me if I am wrong - RC2 and RC4 are not public key cyrptosystems,
> > > and hence are not "prone" to the problems with low moduli.
> > 
> >    You are wrong.
> > 
> >    If the key is only 128-bit, that's a much smaller keyspace to 
> > brute-force attack than a 1024-bit key.
> > 
> >    (do the math)
> 
> You add a qualifier here -- "brute force attack" -- that makes your statement
> technichally correct, but misleading.
> 
> You generally see keyspaces of 1024 bits (etc) in public key cryptosystems
> (RSA/PGP). You see 128-bit keysizes on traditional cryptosystems, like RC2,
> RC4, IDEA (the -real- encryption in PGP), etc.
> 
> The problem here is that the best way to break a public-key cryptosystem
> is _not_ by brute force. RSA gets it's strength from the fact that it's very
> hard to factor a large number (1024 bits, for example) made up of two
> multiplied large primes, into it's individual primes. To break RSA, you
> 'simply' have to factor the key, which is orders of magnitude faster than
> a brute force attack on the system.
> 
> Large key sizes are required for public-key cryptosystems, because HUGE
> advances are being made in number factoring. 1024-bit keys are still out
> of reach, but for how long?
> 
> In the case of RC2 and RC4, the best (known -- Important word here) attack
> is a brute force attack on the key -- something that is, for the moment,
> prohibative.  Giveen huge advances in current technology, it'd still
> take YEARS to crack -one- key.
>

RC2 and RC4 are both public key systems -- then why wouldn't factoring 
the key prove equally as (greatly more) effective as with attacks on 
RSA/PGP. 
	 __pardon_my_misunderstanding__but__?

 
> Anyhow, bottom line is that saying "RSA with a 1024 bit key is more secure
> than RC4 with a 128 bit key" is a bit silly -- You're comparing apples to 
> oranges. Nobody's going to brute-force attack RSA, since there are much better
> ways to crack the system.
> 
> 									-WW
> 

Erik
     ____       _____    _______   __     Erik Lindquist  
    / _  |     / ___/   / _____/  /  /    Systems Administrator 
   / /_| |    / /__    / /       /  /     AECL Whiteshell Laboratories
  /  __  |   / ___/   / /       /  /      VOICE: (204) 753-2311x3145  
 / /   | |  / /____  / /_____  /  /_____  FAX:   (204) 753-2455 
/_/    |_| /______/ /_______/ /________/  E-mail: lindquie@wu1.wl.aecl.ca

Next message: Valdis.Kletnieks@vt.edu: "Re: safe logging xterm"
Previous message: Anonymous the XXIIV: "Re: Cancel Subscription"
In reply to: That Whispering Wolf...: "Re: Non-PK encryption not vulnerable via low key length?!"
Next in thread: Adam Shostack: "Re: Non-PK encryption not vulnerable via low key length?!"