[RC5] We need strong international encryption!

Tigger GREG at POMONA.EDU
Mon Jul 20 15:18:34 EDT 1998


Christopher Hodson wrote:
>Roy Wilson wrote:
>> 
>>         I've got to keep wondering if there's a hardware shortcut to
>> breaking PGP.  The feds make too much noise about how it's "too secure",
>> that leads me to believe it's disinformation, and they've got a way of
>> busting it near enough to instantly.
> 
>The internal part of a PGP encrypted message uses one of three
>algorithms.  One of these is Triple DES, which is approximately 120
>bits.  If Deep Crack can do 40 bits in 5 days on average (50% of
>keyspace), it would take about 5*2^80 days on average
>(6044629098073145873530880 days).  And I'm not positive, but I think the
>other two algorithms are stronger and used by default.  And this is to
>crack a single message, not the actual PGP private key.

If I recall correctly, PGP originally used IDEA, but something else (RC5?)
was substituted at a later date.  I think the important question, though,
is not a hardware shortcut for a brute-force check-every-key attack, but
rather a mathematical shortcut for a cryptanalytical attack.  It's widely
suspected that the NSA knew of a mathematical weakness in DES when they
created it.  Or 'built in' one, depending upon your point of view.  No one
in the public cryptographic community has yet stumbled upon that 'back
door', but I for one would bet that it's there, and that the NSA has been
able to crack DES easily and quickly without an exhaustive key search since
it was released.  The question then is whether there are similar mathematical
attacks against other encryption schemes.  The answer is anybody's guess,
but the NSA has a lot of really sharp people working for them, so I wouldn't
bet against it.

Actually, I think that would be a really interesting project for d.net to
take on at some future time.  I'm sure there are members of the public
crypto community who have theories about such mathematical attacks, but
don't have the compute power to test them.  I for one would choose to
donate my CPU cycles to such a research effort over the brute-force attack
we're pursuing now.

Greg Orman
A man's best friends:  a Harley, a Beretta and a Gund.
--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest


