1024 bit encryption compromised?

Ryan Malayter rmalayter@bai.org
Tue Apr 9 17:19:01 2002

From: carl w spitzer [mailto:cwsiv_home1@juno.com] 
>Why 2048?
>A friend who first gave me a copy of PGP said
>to use either 1023 or 2047 to make the mathmatics 
>of factoring fail to the more common computer

This seems kind of pointless to me. Okay, so maybe this-or-that
implementation of PGP does fix the high-order bit of a generated key at 1.
You could be fooling an attacker who is simply trying an exhaustive keyspace
search by using a 1023-bit key. But this attacker would be a moron, and not
much to worry about.

I'm no mathemetician, but from what I've read it seems that the General
Number Field Sieve (currently the best factoring algorithm) doesn't work
like a brute-force keyspace search at all: it will factor any length of
number smaller than the limit implemented by the programmer. If the
programmer codes for 1024-bit keys, his algorithm will factor 1023-bit keys
as well. (Can any academics out there confirm this?)