Home page logo

bugtraq logo Bugtraq mailing list archives

Re: PGP Distributed Attack
From: perry () piermont com (Perry E. Metzger)
Date: Mon, 14 Apr 1997 12:38:26 -0400

Aleph One writes:
CYBERSPACE, 31 March 1997 - This is to announce the first truly
distributed attack on the popular PGP encryption/authentication program.
In 24 hours, users all across cyberspace can assist in 'factoring'
a 1024-bits PGP public key, using a Java applet specially written by
a team of 'cypherpunks'.

This is nearly an april fools joke.

1) The largest key thus cracked is perhaps one third that
   size. Factoring is an *exponential problem* in the size of the
   number being factored. Cracking a 1024 bit key right now would
   require far more compute power than is conceivably available.
2) Java is insanely slow. Previous cracks used highly tuned C
   code. Running the crack in Java would make it nearly impossible to
   achieve the stated result.

Some background information: a PGP key is considered unbreakable because
it consists of a product of two very large prime numbers. The only way
to 'crack' the key is to find the two prime numbers. This applet does
exactly that. Each user who downloads the applet also is assigned a
range of numbers to try. If at least 144,000 users download the applet,
and run it for 24 hours on a computer at least as powerful as a 486,
the entire keyspace will be searched.

These numbers sound wildly inaccurate to me.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]