[Ichneumon]

A 516 digit key can be cracked using this computerized “brute force” method. [...] However, increase the key to 768 characters, and it takes about 6,600 times longer to crack it. Go to key size of 1024, and it takes 1,500 times longer than the 768 character key. Go to a 2048 key size and it takes a billion times longer than a 1024 character long key. PGP can use a 1024 character key, and many users go for the larger key for obvious reasons.

Someone needs to teach this reporter some math. The actual difficulty figures for a brute force crack are:

A 768-bit key takes 7.24x10⁷⁵ times as long to crack as a 516-bit key (that's a 7 followed by *74* zeros).

A 1024-bit key takes 1.16x10⁷⁷ times as long to crack as a 768-bit key (1 followed by 76 zeros).

A 2048-bit key takes 1.80x10³⁰⁸ times as long to crack as a 1024-bit key (about 2 followed by 307 zeros).

In each case the appropriate figure is 2^(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

I don't know where in the hell the reporter got his figures from, but they're too small by enormous orders of magnitude.

If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

[ScuzzyTerminator]

In each case the appropriate figure is 2^(B2-B1), where B1 is the number of bits in the smaller key, and B2 is the number of bits in the larger key.

It's actually much less than that. The security of a key against brute force attack is proportional to the number of possible keys, not the size of a key. For RSA keys, most members of the keyspace are not valid keys since RSA keys are based on large prime numbers. An n-bit RSA key is nowhere near as secure as an n-bit conventional cipher key.

[Jeff Gordon]

you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

"I think there is a world market for about five computers." -IBM founder Thomas Watson Sr.

[Flightdeck]

"A 1024-bit key takes 1.16x10^77 times as long to crack as a 768-bit key (1 followed by 76 zeros)."

That would be a 1 followed by 77 zeros. Just like 1 times 10^2 is a one followed by 2 zeros.

[zeugma]

If every single atom in the universe were a computer a trillion times faster than the fastest computer today, and ran for a trillion years, you still wouldn't have enough computer power to crack a single 2048-bit key by brute force.

I call keys like that 'heat death' keys, because they'll take longer to decrypt than the ultimate fate of the universe.