Bugtraq
mailing list archives
Re: PGP Distributed Attack
From: perry () piermont com (Perry E. Metzger)
Date: Mon, 14 Apr 1997 12:38:26 0400
Aleph One writes:
CYBERSPACE, 31 March 1997  This is to announce the first truly
distributed attack on the popular PGP encryption/authentication program.
In 24 hours, users all across cyberspace can assist in 'factoring'
a 1024bits PGP public key, using a Java applet specially written by
a team of 'cypherpunks'.
This is nearly an april fools joke.
1) The largest key thus cracked is perhaps one third that
size. Factoring is an *exponential problem* in the size of the
number being factored. Cracking a 1024 bit key right now would
require far more compute power than is conceivably available.
2) Java is insanely slow. Previous cracks used highly tuned C
code. Running the crack in Java would make it nearly impossible to
achieve the stated result.
Some background information: a PGP key is considered unbreakable because
it consists of a product of two very large prime numbers. The only way
to 'crack' the key is to find the two prime numbers. This applet does
exactly that. Each user who downloads the applet also is assigned a
range of numbers to try. If at least 144,000 users download the applet,
and run it for 24 hours on a computer at least as powerful as a 486,
the entire keyspace will be searched.
These numbers sound wildly inaccurate to me.
Perry
By Date
By Thread
Current thread:
 [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0current, (continued)
