[Cryptography] understanding PGP etc. -- best public cryptanalysis

John Denker jsd at av8n.com
Thu Aug 9 13:48:45 EDT 2018


On 08/08/2018 11:45 PM, Matt Maxson wrote:

> The question was, basically, if someone has access to both a PGP 
> encrypted email and a plain text version of the same email, can an 
> attacker determine the key.  The answer given was "no".
> 
> I don't understand.  Why can't that happen?  For example, if I have 
> 10 + x = 50  (this can be replaced with any formula that has exactly 
> one unknown), I can solve for X.  In my thinking, isn't the unknown 
> in the equation simply the key?  Sure, the maths are more complex, 
> but it should be a trivial issue to work backwards and solve for the 
> key.

Rather than "no", a more precise answer would be "it's
infeasible -- so far as we know".

1) We do *not* have any formal proof that the crypto used
 by PGP is unbreakable.

2) In fact, all crypto of the kind we are considering
 can be defeated "in principle" given unlimited computing
 resources.  Just do a brute-force search of the key
 space.

 Beware that the keyspace is *very* large.  We are not talking
 about two-digit numbers, as in the example above, but rather
 100-digit numbers.  There are a *lot* of those.

3) The strongest statement that can be made goes something
 like this:  Using publicly-known methods and present-day
 (or reasonably foreseeable) hardware, nobody has enough
 resources to crack your message on any relevant timescale.

If you want to google something, you might start here:
  https://www.google.com/search?q=aes+"best+public+cryptanalysis"
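
Added example, not part of the original post: it contrasts the "10 + x = 50" case, where one known plaintext/ciphertext pair solves for the key, with a keyed construction where known plaintext leaves only brute-force search, and shows how that search scales with key size. Assumptions: the HMAC-SHA256 toy stream cipher is a stand-in for the ciphers PGP actually uses, and all function names, the sample message and the 1e12 trials-per-second rate are constructed for illustration.

```python
import hashlib
import hmac

SAMPLE = b"Constructed sample message for the demo, not real mail."

def additive_encrypt(key: int, pt: bytes) -> bytes:
    # "10 + x = 50" as a cipher: every byte is shifted by the same key.
    return bytes((b + key) % 256 for b in pt)

def additive_recover_key(pt: bytes, ct: bytes) -> int:
    # One known plaintext/ciphertext byte solves the equation: x = c - p.
    return (ct[0] - pt[0]) % 256

def prf_encrypt(key: bytes, pt: bytes) -> bytes:
    # Toy stream cipher (assumption, stands in for AES): keystream block i
    # is HMAC-SHA256(key, i). XOR makes encryption and decryption identical.
    out = bytearray()
    for i in range(0, len(pt), 32):
        ks = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(p ^ k for p, k in zip(pt[i:i + 32], ks))
    return bytes(out)

def brute_force(pt: bytes, ct: bytes, key_bits: int):
    # Known plaintext yields the keystream (pt XOR ct) but no equation that
    # can be solved for the key, so each candidate key has to be tried.
    nbytes = (key_bits + 7) // 8
    for cand in range(2 ** key_bits):
        key = cand.to_bytes(nbytes, "big")
        if prf_encrypt(key, pt) == ct:
            return key, cand + 1          # key found, number of trials used
    return None, 2 ** key_bits

def years_to_search(key_bits: int, trials_per_second: float) -> float:
    # Expected time to cover half the key space at the given trial rate.
    return 2 ** (key_bits - 1) / trials_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    ct = additive_encrypt(40, SAMPLE)
    print("additive key:", additive_recover_key(SAMPLE, ct))
    secret = (0xBEEF).to_bytes(2, "big")  # deliberately tiny 16-bit key
    key, trials = brute_force(SAMPLE, prf_encrypt(secret, SAMPLE), 16)
    print("16-bit key", key.hex(), "found after", trials, "trials")
    for bits in (16, 40, 64, 128):
        print(bits, "bits: %.3g years at 1e12 trials/s" % years_to_search(bits, 1e12))
```

Each added key bit doubles the search, which is why the 16-bit toy key falls in well under a second while the 128-bit figure is far beyond any relevant timescale.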

