Re: Lotus Notes Encryption Methods

[pcl () foo oucs ox ac uk (Paul C Leyland)]

Erik Lindquist wrote:
] On Tue, 14 Mar 1995, Dr. Frederick B. Cohen wrote:
] 
] > > In the tech notes that I have, it would seemt that RC2 uses a 128bit key and
] > > RC4 uses a 256bit key.
] > > 
] > > Both these keys seem rather small in comparison to something like PGP's
] > > 1028bit key.
] > 
] > 128bit key is about 40 digits - NSA approved - breakable by a PC
] > in a few hours.
] > FC
] > 
] You have actually done this with a PC?  With what kind of hw/sw???
] Seems other comments would suggest that this would be an unlikely occurence.
] Can you expand on your statement.

I cannot speak for Cohen, but *I* have factored 128-bit numbers in
minutes, not hours, on a PC.  Specifically, my 25MHz 386+387.

A reasonable 486 Linux box could factor 70-digit integers in a few
hours, using Lenstra and Manasse's PPMPQS code.  I've never actually
done such a thing on a 486, but I've factored many integers of about
that size in a similar time on Sun 4/110 and DEC 5000/25 machines.

I've factored numbers up to 104 digits (344 bits) using only my own
resources and helped organize the factoring of the original RSA
challange, a number of 129 digits or 426 bits.  I have contributed to
the factoring of a number of integers between 100 and 129 digits.

With fairly good resources, but nothing exceptional, factoring 300-400
bit numbers is routine (but tedious!)  these days.  A 384-bit key can
be broken in a few weeks with the idle time on the network of an
average university department.

For general purpose factorizations on MS-DOG machines, the UBASIC
interpreter is the best I know.  Library routines supplied with it
provide ECM and MPQS algorithms for factoring moderate sized integers.
My 386 could probably factor any integer of up to 80 digits with MPQS
in a reasonable time (a few weeks) and can find 25 digit factors of
integers up to a reasonable limit -- say 250 digits -- in the same
time.


Paul