PGP problems

Brian Morrison pmmail@rpglink.com
Fri, 04 Aug 2000 18:12:21 +0100


On Fri, 4 Aug 2000 09:51:09 -0700, Steve Lamb wrote:

>Friday, August 04, 2000, 6:50:21 AM, Bill wrote:
>> It is probably true that the NSA can find the key to any
>> encryption, given sufficient time. So if they are interested in
>> you, you will be broken. But if the NSA is interested in you,
>> you have a whole new set of complicated problems.
>
>    Given sufficient time.  Problem is, a properly designed encryption scheme,
>esp. something like PGP, sufficient time is measured on the astronomical
>scale, not a human one.

Yes, note that distributed.net are currently working on RC5-64. This is
now approaching its third anniversary, and it could take another two
years or so.

Make the problem 2^64 times harder and you can imagine how long it
could take if you brute force it. The real issue is whether NSA or
equivalent other agency has developed a very secret method for avoiding
the need to brute force. So far no one appears to have a solution to
the discrete logarithm problem (Diffie-Hellman keys). However, in cases
where the D-H or RSA key length of 2048 or 4096 bits gives better
security than the 128 bit symmetric cypher, then attention will turn to
what protects the 4096 bits, i.e. your pass phrase to your secret key.
Since text is easier to remember as we can't remember a meaningless
jumble of characters, the natural randomness of language comes into it,
and you really need a long pass phrase to get the equivalent number of
bits of entropy as the 128 bit cypher. I think that 80 characters or
more is needed to ensure this, so think about your pass phrase length!

-- 
Brian Morrison                                  bdm@fenrir.demon.co.uk
              do you know how far this has gone?
               just how damaged have I become?
                                      'Even Deeper' by Nine Inch Nails
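
Added example, not part of the original message: the pass phrase arithmetic from the post, worked through in Python. The 128-bit target, the 80-character figure and the roughly five-year RC5-64 estimate come from the message; the per-character entropy rates for prose and the alphabet and word-list sizes are assumptions chosen for illustration.

```python
import math

TARGET_BITS = 128      # symmetric cipher strength named in the post
POST_LENGTH = 80       # pass phrase length suggested in the post
RC5_64_YEARS = 5       # ~3 years elapsed + ~2 to go, per the post


def implied_bits_per_char(target_bits, length):
    """Entropy each character must carry for `length` chars to reach target_bits."""
    return target_bits / length


def units_needed(target_bits, bits_per_unit):
    """Smallest count of characters (or words) whose total entropy >= target_bits."""
    # Small epsilon guards against float noise pushing an exact result up by one.
    return math.ceil(target_bits / bits_per_unit - 1e-9)


def brute_force_years(base_years, extra_bits):
    """Scale a measured search time to a keyspace `extra_bits` bits larger."""
    return base_years * 2 ** extra_bits


def passphrase_table(target_bits=TARGET_BITS):
    """Units required under several generation models (rates are assumptions)."""
    models = {
        # Natural-language text: low entropy per character (assumed rates).
        "prose, 1.0 bit/char": 1.0,
        "prose, 1.3 bits/char": 1.3,
        "prose, rate implied by post": implied_bits_per_char(target_bits, POST_LENGTH),
        # Uniform random choice: log2(alphabet size) bits per unit. This only
        # holds if every character or word is picked at random, not by a human.
        "random lowercase chars": math.log2(26),
        "random printable ASCII chars": math.log2(95),
        "random words, 7776-word list": math.log2(7776),
    }
    return {name: units_needed(target_bits, rate) for name, rate in models.items()}


if __name__ == "__main__":
    rate = implied_bits_per_char(TARGET_BITS, POST_LENGTH)
    print(f"80 chars for 128 bits implies {rate:.2f} bits/char")
    for name, count in passphrase_table().items():
        print(f"{name:32s} {count:4d}")
    years = brute_force_years(RC5_64_YEARS, 64)
    print(f"128-bit search at RC5-64 effort: about {years:.2e} years")
```
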