Path: utzoo!utgpu!water!watmath!clyde!rutgers!cmcl2!nrl-cmf!ames!ll-xn!mit-eddie!mit-amt!mit-caf!monta
From: monta@mit-caf.UUCP (Peter Monta)
Newsgroups: sci.crypt
Subject: Re: Another question
Message-ID: <659@mit-caf.UUCP>
Date: 16 Jan 88 00:22:15 GMT
References: <8801150155.AA11615@decwrl.dec.com> <10933@duke.cs.duke.edu>
Organization: Microsystems Technology Laboratory, MIT
Lines: 19
In-reply-to: srt@duke.cs.duke.edu's message of 15 Jan 88 17:20:21 GMT
Posting-Front-End: GNU Emacs 18.36.3 of Thu Apr 30 1987 on mit-caf (berkeley-unix)


> > I am currently looking into a public key encryption system for a bulletin
> > board network program. However, RSA is fairly CPU intensive ...
>
> Why not just use shorter keys in an RSA scheme?

This is certainly an option, but it seems to me that any RSA system with
keys short enough to compete on a microcomputer with, say, DES in software,
would be trivial to crack (by factoring the key).

However, it might be reasonable to use RSA (or other public-key system) for
key distribution: use the recipient's public key to encrypt a DES key, say,
then send RSA-encrypted key and DES-encrypted message.  This would use the
public-key system on only a very short message, bootstrapping to a
conventional, faster cryptosystem.

Peter Monta
uucp:  ...!bbn!husc6!bloom-beacon!mit-amt!mit-caf!monta
arpa:  monta@caf.mit.edu