Re: Lotus Notes Encryption Methods

[wam () cs purdue edu (William McVey)]

In reference to "breaking" a 128 bit key, Paul C Leyland wrote:
> I cannot speak for Cohen, but *I* have factored 128-bit numbers in
> minutes, not hours, on a PC.  Specifically, my 25MHz 386+387.

Arrgg... hasn't this been discussed to death?  Factoring large primes
plays no role in attacking ("breaking") a conventional symmetric key
cryptosystems; thus, the key sizes can be smaller (56, 128, 256 bits
are all common) since the only other known attack is (hopefully)
bruteforce (which with 2^128 possible keys is probably safe (for
now)).

Public key cryptosystems (ie RSA) are "easily" attacked if you can
factor the the composite number in the public key to it's component
numbers.  Because of this, public key cryptosystems need much larger
keys that make the factoring much harder.  Eliminating the factoring
attack *should* leave only a brute force attack remaining.  The
additional bits help to protect against the brute force attack, but
they aren't exactly needed to deter the brute force attack.

I would very much like to see this thread be moved to sci.crypt if it
must continue.  It is defintely out of the scope of bugtraq  (I feel
like a sinner replying to it all.)

 -- William McVey