Security Implications

Ryan Malayter
Fri Dec 14 18:52:01 2001

Ingo Klöcker wrote:
>But as it's much more time consuming to find the secret
>key corresponding to a public key than to simply find
>the session key (by brute force) nobody would ever try
>to crack the asymmetrically encrypted session key but
>would crack the symmetrically encrypted message
>itself instead.

That's really not true. Cracking the asymmetric keys would allow the
attacker to read *all* of the victim's mail. Cracking the symmetric
session key would allow him to read just one message. The
public/private keypair is a much more attractive target.

By brute force, it is completely infeasible to crack a 128-bit symmetric
key. However, 512-bit asymmetric keys *have* been cracked by brute
force using the General Number Field Sieve. The 1024-bit symmetric
keys used in OpenPGP could be vulnerable to brute-force.

Attacks on large asymmetric keys will be possible in the near future.
A 1024-bit asymmetric key is *not* 2^512 times as strong as a 512 bit
key. The complexity of the GNFS algorithm is O(e^(1.923
+(ln(n))^(1/3)*(ln(ln(n)))^(2/3))), so factoring a 1024-bit asymmetric
key is only about 200,000 times as hard as factoring a 512-bit
asymmetric key. This will probably happen within a few years, as
computing power increases and factoring algorithms get even better.

Basically, if you're attacking an OpenPGP user, and resorting to brute
force (which you probably wouldn't have to do in practice), an attack
on the asymmetric key is the only smart one.

:::Ryan Malayter
:::Bank Administration Institute
:::Chicago, Illinois, USA
"The inherent vice of capitalism is the unequal sharing of blessings;
the inherent virtue of socialism is the equal sharing of miseries."
   -Sir Winston Churchill