[16089] in cryptography@c2.net mail archive
Re: How thorough are the hash breaks, anyway?
daemon@ATHENA.MIT.EDU (lrk)
Mon Sep 6 16:39:54 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 2 Sep 2004 09:11:53 -0500
From: lrk <crypto@ovillatx.sytes.net>
To: "Whyte, William" <WWhyte@ntru.com>
Cc: "'Matt Crawford'" <crawdad@fnal.gov>,
Ian Grigg <iang@systemics.com>, Daniel Carosone <dan@geek.com.au>,
crypto <cryptography@metzdowd.com>
In-Reply-To: <30F37C4533D8564FB1D58BFDAF6687C1EA7942@ohthree.jjj-i.com>
On Tue, Aug 31, 2004 at 02:45:29PM -0400, Whyte, William wrote:
>
> My understanding is that once you've used trial division to
> get rid of all the extremely short divisors, a random number
> of length n is about as hard to factor as an RSA modulus of
> the same length. I don't think there are a lot of easy-to-factor
> moduli around.
One would think that the more one knows about the factors, the easier
factoring would be. Since we know an RSA modulus contains exactly two
primes, usually each half the length of the modulus, factoring an RSA
modulus should be easier than factoring a random number of about the same
size. This depends, of course, on being able to use a method which takes
advantage of the additional information.
The simple case for factoring easy RSA modulii occurs when the primes
are too close together rather than being small.
Other easy cases are based on other accidental characteristics.
--
crypto@ovillatx.sytes.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
