Re: Elliptic Curve Cryptography algorithm for key exchange

From: Michel Gallant (neutron_at_nspxistar.ca)
Date: 10/30/03


Date: Thu, 30 Oct 2003 13:45:15 -0500


"Sam Wilson" <sam.wilson@bentley.com> wrote in message news:epWd3JxnDHA.2424@TK2MSFTNGP10.phx.gbl...
> Bruce Schneier in Applied Cryptography, Second Edition reports the same
> thing:
>
> *On the other hand* Schneier points out that the issue is really "How long
> does [the protected data] need to be secure?" If, as he says, a 1024-bit key
> is long enough to keep data secure for up to "even a few years" (p. 162),
> isn't that plenty good enough for an SSL session that will last only a few
> minutes? And even for signatures or e-mail messages that will last only a
> few years at most? I guess that's the rationale for using 1024-bit keys in
> communications-related software. But, let the developer beware before
> blindly adopting the same keylength for encrypting data long term!
>

Yes, imo it is extremely important to understand the difference between
long-term storage "sufficient", and short-term or transient storage.

So, for example, gov't organizations that store encrypted data on supposedly
physically secured servers, say personal information, tax data etc., need to use
maximum possible protection.

So, that begs the question as to how the big security institutions, gov't, CIA etc.
are protecting their data, assuming as always that any physical servers can be
broken into.
How to encrypt for, say, 15-year security (assuming that the access credentials
have very good protection)?
What are the practices used today? Surely this is public information? How do
banks encrypt their backup data?
Or is it, again, security by obscurity? Only the internal highly-security-cleared
personnel on a need-to-know basis ?? ;-)

 - Michel Gallant
    http://pages.istar.ca/~neutron


