Re: PGP Export license?

Trent Piepho (xyzzy@u.washington.edu)
Thu, 29 May 1997 23:27:33 -0700 (PDT)

On Fri, 30 May 1997 SMEarp@aol.com wrote:
> >My best guess is that it's limited to 128 bit RC4/5 based algorithms. 128
> >bit RSA keys are pathetically weak, hardly even encryption
>
> I'm not so sure about that, RSA is offering $10,000 to anyone that can
> crack the 128 algorithm, just like the DESCHALL effort. In fact, if you
> can crack the 56-bit effort, you will recieve $10,000 as well (The
> current internet effort at <http://rc5.distributed.net> is estimating 5
> years to crack the 56 bit code - it will take less than that, as that is
> looking at every single combination, at the current number of machines
> which is increasing. Soooo, my point is that RC5 is not as weak as you
> may think it is.

I think there is a little confusion as to what people are talking about when
the say RSA. There are two kinds of encryption that RSA did, one is called
normally called RSA and refers to a public-key algorithm, the other is RC4/5
and is a symmetric cypher. A 128-bit RC5 key is very stong, a 128 bit RSA key
is very weak. For RSA a good key could be about 1024 bits.

Something like PGP or SSL uses RSA to encrypt the an RC5 key, which is then
used to encrypt the real message. PGP actually uses IDEA rather than RC5, but
they are both symetric cyphers. So one someone says PGP can export 128 bit
keys they are talking about the IDEA key, not the RSA key.

|Gazing up to the breeze of the heavens \ on a quest, meaning, reason |
|came to be, how it begun \ all alone in the family of the sun |
|curiosity teasing everyone \ on our home, third stone from the sun. |
|Trent Piepho (xyzzy@u.washington.edu) -- Metallica |