Re: 1024 bit key considered insecure (sshd)

From: pgreen (polytarp@m-net.arbornet.org)
Date: 08/30/02


Date: Fri, 30 Aug 2002 17:38:44 -0400 (EDT)
From: pgreen <polytarp@m-net.arbornet.org>
To: "Perry E. Metzger" <perry@piermont.com>

What I'm thinking, is that we need a solution based on real fact. Even a
normal high-school kid could see that this isn't scientific atol. What
I'm suggesting: something based on universal rhetoric.

What does this mean? Well, I think some formulae should do the trick of
explaining it:

        8 ** x
        ----
        \
         \
         / sin(6 ** x) * ( 4 5 6 - ( 5 4 5)
        / 8 2 5 )
        ----

        (define square (x)
                (+ x x x)
                (square (x))
        )

I think this prooves my point.
It is a non-rhetorical system of encryption.
Will we still rely on the old system?
        I think not.

On 30 Aug 2002, Perry E. Metzger wrote:

>
> Michael W Mitton <mmitton@hmcon.com> writes:
> > My data may not be worth a billion dollars, but I can be fairly certain
> > that I am part of a group ( a rather _large_ group ) whose combined
> > information is worth that.
>
> The combination is not of much importance because the combination
> doesn't share a single key. A machine can only crack so many keys per
> unit time. If you build a device that costs you a billion dollars and
> can only crack one key every six months, you are going to to be very
> careful about which key you choose to crack because each key costs you
> hundreds of millions in amortized cost to crack.
>
> > Beside, I'm sure the federal government ( any federal government )
> > wouldn't blink an eye at 1 billion dollars if they could read everyones
> > email. ;)
>
> Again, at best this offers you the THEORETICAL possibility of reading
> any particular individual's mail. You still have to spend huge
> resources on cracking that one key, assuming that this is even
> possible. (The jury is still out on that.) There is a distinction
> between saying that one can crack ANYONE'S key and saying you can
> crack EVERYONE'S key. One implies being able to break a few if you
> really really want to, the other implies being able to break all
> cheaply and quickly.
>
> I would like to repeat that using longer key lengths is not
> necessarily stupid -- just not something to be contemplated as an
> imminent emergency. Certainly the jury is still out on just how
> practical factoring 1024 bit numbers is using the latest algorithms
> and hardware acceleration.
>
>
> --
> Perry E. Metzger perry@piermont.com
> --
> "Ask not what your country can force other people to do for you..."
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: 1024 bit key considered insecure (sshd)
    ... A machine can only crack so many ... If you build a device that costs you a billion ... >> between saying that one can crack ANYONE'S key and saying ... One implies being able to break a few ...
    (FreeBSD-Security)
  • Re: 1024 bit key considered insecure (sshd)
    ... > information is worth that. ... A machine can only crack so many keys per ... careful about which key you choose to crack because each key costs you ... One implies being able to break a few if you ...
    (FreeBSD-Security)
  • Re: The Sun: Why not legalise drugs
    ... >>> I deliberately picked the most expensive type of treatment I could ... >>> We're debating costs. ... >> You planning to give crack away on the NHS then? ...
    (uk.politics.drugs)
  • Re: Seam showing in flame maple top
    ... Yes I think I understand what you are saying, however, this top is ... already glued-on, so the folding thing isn't possible at this point. ... Most of the crack will be hidden by the bridge, ... be a professional burst with poly, ...
    (rec.music.makers.builders)
  • Re: [Full-Disclosure] Wiretap or Magic Lantern? (on PGP)
    ... Okay look, I'm not saying they can crack it, and I'm not saying they can't... ... yourself these two basic questions: ...
    (Full-Disclosure)