Re: Whaaa...?

From: Dossy (dossy@panoptic.com)
Date: Tue Apr 30 2002 - 11:51:52 MDT


On 2002.04.30, Eugen Leitl <eugen@leitl.org> wrote:
> You can drop the "reasonable" (the initial estimate was off by several
> orders of magnitude), and the estimated price tag is G$.

We're talking about a published paper produced by a single individual.
I can only speculate about what sorts of classified documents exist
out there discussing better techniques than Bernstein's proposal,
but I'm willing to bet that there are such documents.

I wouldn't be surprised to find that some organization has already
created machinery to defeat large RSA keys in reasonable time. I
doubt that the organization would ever make this public knowledge
voluntarily.

> Read up on the
> impact of Bernstein's paper, if any, at
> http://www.rsasecurity.com/rsalabs/ and at cypherpunks list archives node
> of your choice.

> > keys are not secure!" ... when have they ever been?
>
> You're spreading pure FUD. Recommendations for key lengths based on state
> of the art have been around for many years, and as it happens deep
> paranoia users (Lucky Green would qualify) shouldn't have had any 1024 bit
> RSA keys to revoke in the year 2002 A.D.

This isn't FUD. Can we agree that "if, at some undetermined
point in the future, there will be a way to compromise an N-length
key, then it is not secure for protecting data that isn't timely."
In other words, if data that isn't timely (it's useful regardless of
when it's known) can be decrypted, then regardless of when it's
decrypted, it's not secure?

To bring this to everyday use: Yes, if credit card companies issued
cards that expired in 3 years AND perhaps changed the credit card
number at that time, then if it took more than 3 years to decrypt
a message that included my credit card number, then the encryption
is "secure." However, if 15 years ago you were placed into the
Witness Protection Program and your whereabouts were encrypted
with technology that would take 20 years to break ... would you
feel that the encryption was "secure" if you had an unwanted visitor
show up in 5 years looking for the old you?

Nobody should be foolish enough to believe that there exists any
two-way encryption (one that can be decrypted into its original
form) that cannot be broken. The amount of "security" offered
should be measured not in "N-number of bits" which is misleading,
but instead in terms of how much effort it would take to
decrypt it using brute force (or, the most optimal known algorithm,
which may be more meaningful).

Perhaps this is FUD. Perhaps 1024-bit RSA keys really do offer
millions of years worth of security using today's computing power.
Maybe I'm just paranoid -- I'm so paranoid, I don't even use
security because I already think that there are folks out there
who can bring it back into cleartext if they needed to, so it's
just inconveniencing me ...

But, maybe I'm right. Maybe there's an organization out there
who has spent $20B a year for the past 40 years and has built
a large, multiple square-mile computing machine underneath the
desert or somesuch, that can break even larger crypto in a matter
of minutes.

Of course, I'm sure if I had any kind of possible proof of this,
I'd be dead by now ...

-- Dossy

-- 
Dossy Shiobara                       mail: dossy@panoptic.com 
Panoptic Computer Network             web: http://www.panoptic.com/ 
  "He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on." (p. 70)


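The post argues that security should be measured in attacker effort under the best known algorithm, and judged against how long the data must stay secret, rather than in raw bit count. The following Python script is an added illustration of that comparison and is not part of the original message or thread. It converts a symmetric key length (brute force, 2^k trials) and an RSA modulus size (the asymptotic General Number Field Sieve cost L_n[1/3, (64/9)^(1/3)], with the o(1) term and constant factors ignored) into a common "bits of work" scale, then into years at an assumed attacker throughput. The throughput figure, the function names and the protection lifetimes are constructed assumptions, not measurements; the GNFS formula is the standard textbook heuristic and the numbers it yields are only order-of-magnitude estimates.

```python
"""Compare key sizes by estimated attacker effort and data lifetime (added example)."""
import math

# Constructed assumption: attacker sustains 1e15 basic operations per second.
ASSUMED_OPS_PER_SECOND = 1e15
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def symmetric_work_bits(key_bits: int) -> float:
    """Brute force against an ideal symmetric cipher: 2^k trials, so k bits of work."""
    return float(key_bits)


def gnfs_work_bits(modulus_bits: int) -> float:
    """Heuristic GNFS factoring cost for an RSA modulus n of the given size.

    Uses L_n[1/3, (64/9)^(1/3)] = exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3))
    and returns log2 of that value, so it is comparable to symmetric_work_bits().
    Assumption: o(1) term and implementation constants are ignored, so treat
    the result as an order-of-magnitude estimate only.
    """
    ln_n = modulus_bits * math.log(2)
    exponent = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def years_to_break(work_bits: float, ops_per_second: float = ASSUMED_OPS_PER_SECOND) -> float:
    """Wall-clock years to perform 2^work_bits operations at the assumed throughput."""
    return (2.0 ** work_bits / ops_per_second) / SECONDS_PER_YEAR


def protects_for(work_bits: float, lifetime_years: float,
                 ops_per_second: float = ASSUMED_OPS_PER_SECOND) -> bool:
    """True if the estimated break time exceeds how long the data must stay secret.

    This is the post's criterion: a 20-year break time 'protects' a 3-year
    credit card number but not a 40-year witness-relocation record.
    """
    return years_to_break(work_bits, ops_per_second) > lifetime_years


def work_table() -> dict:
    """Bits of work for a few key sizes, showing that RSA bits != symmetric bits."""
    table = {}
    for k in (56, 80, 128):
        table[f"symmetric-{k}"] = symmetric_work_bits(k)
    for m in (512, 1024, 2048, 4096):
        table[f"rsa-{m}"] = gnfs_work_bits(m)
    return table


if __name__ == "__main__":
    for name, bits in work_table().items():
        years = years_to_break(bits)
        print(f"{name:>15}: ~{bits:6.1f} bits of work, ~{years:.3g} years at "
              f"{ASSUMED_OPS_PER_SECOND:.0e} ops/s")
    # Constructed lifetimes from the post's two scenarios.
    for lifetime in (3, 20, 40):
        print(f"80-bit work protects data for {lifetime:>2} years: "
              f"{protects_for(80, lifetime)}")
```

Two things the numbers show that the prose alone does not: an RSA modulus of 1024 bits corresponds to well under 100 bits of factoring work under this heuristic (the commonly quoted equivalence is about 80 symmetric bits once real-world constants are included), and whether a given amount of work is "secure" flips purely on the lifetime of the secret, exactly the distinction the post draws between a card number and a relocation record.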
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:13:43 MST