Bugtraq mailing list archives
Re: PGP Distributed Attack
From: perry () piermont com (Perry E. Metzger)
Date: Mon, 14 Apr 1997 12:38:26 -0400
Aleph One writes:
CYBERSPACE, 31 March 1997 - This is to announce the first truly distributed attack on the popular PGP encryption/authentication program. In 24 hours, users all across cyberspace can assist in 'factoring' a 1024-bits PGP public key, using a Java applet specially written by a team of 'cypherpunks'.
This is nearly an april fools joke. 1) The largest key thus cracked is perhaps one third that size. Factoring is an *exponential problem* in the size of the number being factored. Cracking a 1024 bit key right now would require far more compute power than is conceivably available. 2) Java is insanely slow. Previous cracks used highly tuned C code. Running the crack in Java would make it nearly impossible to achieve the stated result.
Some background information: a PGP key is considered unbreakable because it consists of a product of two very large prime numbers. The only way to 'crack' the key is to find the two prime numbers. This applet does exactly that. Each user who downloads the applet also is assigned a range of numbers to try. If at least 144,000 users download the applet, and run it for 24 hours on a computer at least as powerful as a 486, the entire keyspace will be searched.
These numbers sound wildly inaccurate to me. Perry
Current thread:
- [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0-current, (continued)
- [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0-current Julian Assange (Apr 13)
- Re: [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0-current Perry E. Metzger (Apr 13)
- 2nd Linux kernel patch to remove stack exec Solar Designer (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Solar Designer (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec David S. Miller (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- more l0phtcrack errata Systemkennung Linux (Apr 13)
- [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0-current Julian Assange (Apr 13)
- PGP Distributed Attack Aleph One (Apr 14)
- Re: PGP Distributed Attack Perry E. Metzger (Apr 14)
- Re: PGP Distributed Attack Paul C Leyland (Apr 15)
- Juggernaut 1.1 patch G P R (Apr 15)
- Re: PGP Distributed Attack Ubermensch (Apr 14)
- Re: PGP Distributed Attack Tom Guptill (Apr 14)
- Re: 2nd Linux kernel patch to remove stack exec Bernd Schmidt (Apr 14)
- mail bombing ;-) Alain Mellan (Apr 14)
- Re: 2nd Linux kernel patch to remove stack exec Andreas Borchert (Apr 14)