Decryption theory

Paragraphs like this make me angry:

"Arjen Lenstra and Eric Verheul’s methodical estimates [LV01] give quite similar results for the security of 1024-bit RSA keys. In one model, they project that in the year 2009, a machine costing about $250 million could factor a 1024-bit RSA key in a day — so a $10 million machine would take just under a month. Working the numbers back to the year 2003 requires one to “undo” eight doublings, four due to Moore’s Law and four due to anticipated improvements in methods for integer factorization. The $10 million machine would take about 18 years today under this model. In the year 2006, a machine with this cost would take just over one year."

Breaking encryption has become so theoretical at this point that people just toss around numbers like "A $250 million computer" and apply Moore's "Law" as if it was a freaking law. It's not anything other than an observed trend. No one actually BUILDS these theoretical cracking machines, they just make estimates as to how much power you'd probably need to crack these keys. I think that the development and application of this "super cracking machine" would be a lot more costly and tedious than any of these people really imagine it.

I mean, it's well and good to look at things like the RC5-64 project and say, wow, look how insecure this key is, we broke it. But what they don't really talk about is that it took HUNDREDS OF THOUSANDS of people almost FIVE YEARS to crack one key. And this is a 64 bit key, while most people use the equivalent of an 80 bit symmetric key (a 1096 bit RSA key is about the same strength as a 80 bit symmetric key), which is roughly sixty four thousand times harder to break.

So yes, you should be working with large keys. When you install PGP, pick that 4096 bit key. But proving the theoretical weakness of an existing system shouldn't exactly make people quake in their boots.

The above paragraph was from an RSA report here: http://www.rsasecurity.com/rsalabs/technotes/twirl.html