[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: Strong encryption?
From:       Dr Stephen Henson <shenson () DRH-CONSULTANCY ! DEMON ! CO ! UK>
Date:       1998-09-30 17:17:21
[Download RAW message or body]


John Lowry wrote:
>
> Can you point me to information that supports a claim that
> 1024 bit RSA keys are weak ?  I agree that 512 is looking
> a bit thin but this is the first claim I have heard that
> 2^512 bits of additional strength is not sufficient...
>

This is a common misconception: its not 2^512 bits of additional
strength. The most efficient methods of breaking an RSA key do not just
involve brute force searches as in many symmetric algorithms (RC2, DES).
The most efficient methods generally involve an attempt to factorize the
public key (one component of an RSA public is the product of two
primes): the algorithms used are condiderably more efficient that brute
force.

Just a minor additional point for the discussion. Although export
crippled stuff can only use 512 bit RSA keys for encryption (key
transport) you can use and generate larger keys for signatures: for
example in CryptoAPI. Thus strong authentication is permissible.

As someone pointed out this means that the joys of forging digital
signatures haven't yet occurred to the various authorities.

Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: shenson@drh-consultancy.demon.co.uk
PGP key: via homepage.

----------------------------------------------------------------
Users Guide http://www.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]