Using gpg for french law

Simpson, Sam s.simpson@mia.co.uk
Thu, 3 Aug 2000 15:09:57 +0100 


> -----Original Message-----

> From: John C. Place [mailto:jcplace@attglobal.net]

> Sent: 03 August 2000 14:31

> To: Simpson, Sam

> Cc: gnupg-users@gnupg.org

> Subject: Re: Using gpg for french law

> 

> 

> On Thu, Aug 03, 2000 at 02:52:04PM +0200, Bruno Vidal wrote:

> > 	Hi I've succeded to compil and use gpg, it works fine, but now

> > 	I've a problem to use it in france. The law in france allow only

> > 	128bits key. So my question is: is it possible to use gpg with

> > 	128bits key ?  In fact I've already made modifications to use it

> > 	with 128bits, but I succeded to create small key and crypt

> > 	message with it, but I'm unable to decrypt it :-( So there is a

> > 	solution or not ?

> > 

> I am not a crypto expert but blowfish is 128bit (or less?). 


Blowfish can accept key sizes from 1-byte (totally insecure) up to
448-bytes (overkill :)).


> ELG key is a

> diferent scale all together, and only it only encripts the 128 bit

> blowfish session key. That bit count on a ELG key is how large the

> number to be factored is.  


The strength of Elgamal is not based on the difficulty of factoring but a
similar problem (the discrete log problem).


> They are not compairable to each 

> other as far

> as strength.  I don't know is this is going to help but I thought I

> would throw that out there.  Also a 128bit ELG key I think would be

> pretty insecure because as far as a computer is concerned that is a

> small number to be factored. I am not a math guru but it seems that way

> to me.


128-bit Elgamal keys could be trivially broken. 


> Good Luck

> John



It's hard to offer equivalencies for "high-end" keys because nobody has
broken them, but at the low end I'd offer the following general indicators
(note this e-mail only talks about "hardness" in terms of TIME not SPACE):

Bruce Schneier indicates that a 56-bit DES symmetric key is around 50 times
harder to break than a 512-bit RSA key.

Both 768-bit RSA & 80-bit symmetric ciphers are probably impossible to break
at the current time, but only just so.

1,024-bit RSA & 100-bit symmetric ciphers will be secure for the
"foreseeable future" (whatever that means).

Certicom suggests:
=====================================
Block Cipher	RSA
Keylength 		Key Length
=====================================
80 			1024 
112 			2048
128 			3072
192 			7680
256 			15360 
=====================================

Unless the algorithms are less secure than expected, or computing power
improves drastically, I'd suggest that 3072-bit RSA &  150-bit symmetric
keys will not be broken in my lifetime.

(PS: all of the comments relating to RSA above apply equally to Elgamal.  In
fact, every indicator available points to Elgamal being stronger than RSA.
For example, it's been estimated that the resources used to crack a 512-bit
RSA key could only break a Elgamal in a prime field with a characteristic of
365-bits).


Hope this helps a bit?


Regards,

Sam Simpson
http://www.scramdisk.clara.net/

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org