FW: [rc5] 56 bits seem to be enough

David Christensen dchrist at home.com
Wed Jun 4 17:58:13 EDT 1997

I have a tendency to agree with you that 56 bits seems pretty good today. 
 Consider this:

My Pentium Pro 233 system can check about 385 Kkeys/sec.

The current rate is about 390,731 Kkeys/sec.

Thus, the current rate could be maintained by using 1014 Pentium Pro 
(390,731/385), at a cost of about $1.5 million (1014 * $1500).

And even this setup still wouldn't find the key for a single message for 
5.5 years (worst case, 2.75 years average case).  This would make it pretty 
expensive for most users, but this budget is easily within range of most 
I remember reading somewhere that the US government had contracted with 
to build some type of computer using a very large array (2000?) of Pentium 
CPU's, so this type of setup is not infeasible.

Of course, you shouldn't forget Grove's law.  CPU's will double in power 
18 months.  A task that will take 5.5 years today may only take 2.75 years 
the next generation of CPUs.  If Grove's law holds, 6 years from now the 
1014 systems could crack the code in 4 months.

Therefore, if we want to adopt some sort of standard encryption method to 
global, secure commerce, we should select one that will be secure for more 
just a few years.

David Christensen
email: dchrist at home.com
PGP Key ID: 0x3C5C9E65

-----Original Message-----
From:	Dave Ashley [SMTP:dash at netcom.com]
Sent:	Wednesday, June 04, 1997 9:04 AM
To:	rc5 at llamas.net
Subject:	[rc5] 56 bits seem to be enough

It would seem the stats are holding at around 5.5 years to complete the 56 
bit RSA crack. The whole point of the exercise was to prove to the 
government that 56 bit keys are not sufficient, and given the huge amount 
of distributed computing power already involved I'm of the opinion that 
instead you've managed to prove the opposite.
At any rate, what does it matter? People can still use RSA with 64 bit keys 
or more.
What I wonder is if there is a better method of finding the key than 
exhaustive search-and that the government knows of this method and is 
keeping it secret. If they can do that what hope do we have, other than to 
create custom encryption methods for each task?
Dave Ashley
dash at netcom.com
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' 
in the body.

To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.

More information about the rc5 mailing list