Why revoke a key?

Robert J. Hansen rjh at sixdemonbag.org
Tue Oct 11 14:27:47 CEST 2011

On 10/10/2011 5:44 PM, Jerome Baum wrote:
> But remember Murphy's(?) law! -- (I mean the one about doubling computer
> power every 18 months -- are there two Murphy's laws? Confused now...)

Moore's Law.

For reference, a 40-bit key is breakable today by just about anyone, a
64-bit key is breakable today by people with access to significant
computational resources (hundreds of machines), and it's plausible to
believe fantastically wealthy adversaries can break 80-bit keys.

In 1998, EFF's DEEP CRACK exhausted a 56-bit keyspace in roughly 24
hours at a cost of $250,000.  Assuming Moore's Law holds true, that
means it could be built today with equivalent performance for about $1,000.

A 64-bit keyspace is only a factor of 250 harder: a DEEP CRACK/64 could
theoretically be made at a cost of $250,000.  An 80-bit keyspace is a
factor of 50,000 harder, more or less, putting the price of that at $12
billion, somewhere in there.

This is really rough back-of-the-envelope calculation, but it passes my
sniff test.

More information about the Gnupg-users mailing list