In reference to "breaking" a 128 bit key, Paul C Leyland wrote: >I cannot speak for Cohen, but *I* have factored 128-bit numbers in >minutes, not hours, on a PC. Specifically, my 25MHz 386+387. Arrgg... hasn't this been discussed to death? Factoring large primes plays no role in attacking ("breaking") a conventional symmetric key cryptosystems; thus, the key sizes can be smaller (56, 128, 256 bits are all common) since the only other known attack is (hopefully) bruteforce (which with 2^128 possible keys is probably safe (for now)). Public key cryptosystems (ie RSA) are "easily" attacked if you can factor the the composite number in the public key to it's component numbers. Because of this, public key cryptosystems need much larger keys that make the factoring much harder. Eliminating the factoring attack *should* leave only a brute force attack remaining. The additional bits help to protect against the brute force attack, but they aren't exactly needed to deter the brute force attack. I would very much like to see this thread be moved to sci.crypt if it must continue. It is defintely out of the scope of bugtraq (I feel like a sinner replying to it all.) -- William McVey