Newsgroups: sci.crypt
Path: msuinfo!caen!hellgate.utah.edu!lanl!cs.sandia.gov!mccurley
From: mccurley@cs.sandia.gov (Kevin McCurley)
Subject: Re: Pretty Good (tm) Privacy
Message-ID: <1992Jan20.211551.13787@cs.sandia.gov>
Sender: usenet@cs.sandia.gov (Another name for news)
Organization: Sandia National Laboratories, Albuquerque, NM
References: <1992Jan19.233024.18884rcain@netcom.COM> <1992Jan20.005818.24626nagle@netcom.COM> <7428.Jan2020.28.5792@virtualnews.nyu.edu>
Date: Mon, 20 Jan 92 21:15:51 GMT

In article <7428.Jan2020.28.5792@virtualnews.nyu.edu> brnstnd@nyu.edu (Dan Bernstein) writes:
>the exaggerations you might hear from Jim Bidzos. (A general rule of
>thumb is that it's much more difficult to solve the discrete log problem
>with 2n bits than it is to factor a typical n-bit number.)

My thumb must look different than yours (and Jim's).  People (Lenstra
and Manasse to be specific) have factored a single special 512-bit
number, factored quite a few "generic" 380-bit numbers, and a few
people can routinely factor 300-bit numbers.

The largest "generic" prime for which discrete logarithms have been
computed is about 224-bits, done by LaMacchia and Oldyzko.  

Kevin McCurley
Sandia National Laboratories

