Re: Length of time to crack PGP?

Douglas Dike (wmage@rahul.net)
Thu, 29 May 1997 22:24:40 -0700 (PDT)


> > > In fact, according to estimates published by the U.S. government, it
> > > would take an estimated 12 million times the age of the universe, on
> > > average, to break a single 128-bit message encrypted with PGP.

> > Where on earth did this number come from?

> It is obviously incorrect, since a 384-bit PGP key has already been
> broken.

Well, it's correct if using a sufficiently large public key, or encrypted
only using only a private key (pgp -c [assuming of course you have a
sufficiently difficult passphrase, MD5 really is an adequite one way hash,
IDEA doesn't have any exploitable weaknesses, you're on a "secure"
computer, and no one is interested enough to do rubber hose passphrase
recovery]).

--
"The society which scorns excellence in plumbing as a humble activity
and tolerates shoddiness in philosophy because it is an exalted
activity will have neither good plumbing nor good philosophy ...
neither its pipes nor its theories will hold water."