1994-06-22 - Re: Unofficial Release

Header Data

From: trollins@debbie.telos.com (Tom Rollins)
To: N/A
Message Hash: f8450cd6152760cb30f25880b9c7edd2fa175603e77d192c1e327095fd226349
Message ID: <9406221754.AA05954@debbie.telos.com>
Reply To: N/A
UTC Datetime: 1994-06-22 17:54:57 UTC
Raw Date: Wed, 22 Jun 94 10:54:57 PDT

Raw message

From: trollins@debbie.telos.com (Tom Rollins)
Date: Wed, 22 Jun 94 10:54:57 PDT
Subject: Re: Unofficial Release
Message-ID: <9406221754.AA05954@debbie.telos.com>
MIME-Version: 1.0
Content-Type: text/plain


Perry@imsi.com says:
>Tom Rollins says:
>> Ahhhh, It is nice to know that people won't even TRY to crack
>> big keys. Cracking, you know, is a lot like the lotto. You
>> MIGHT guess the correct key on the first TRY. But, if you
>> don't TRY, then you won't crack the key.
>>
>> 	"Gotta play to win"
>
>It is all a question of economics. Its one thing if your idle try has
>one in 10^6 chance of working, but if its one in 10^70 or something
>like that the attempt is pretty much pointless -- you are more likely
>to have a giant sack of gold hit you on the head. Even spending a
>penny on cracking something that way is uneconomical.

Our govenment has NEVER been very economical!

>They could spend a lot less effort simply
>getting your key via "practical cryptanalysis".

True, a good hose or pretty woman in the sack would loosen me up.
Except for my old key that hangs out on the pgp-key-servers.
Too bad, Lost that secret key...

>There is therefore no point in using a cryptosystem which would cost
>the enemy hundreds of billions of dollars to try to attack and then
>type in your key on a machine who's keystrokes can be monitored using
>$3000 in equipment. Which way would YOU try to get the keys, eh?

Say, that sounds like a good deal !
Where could I buy that.
Wow, hang out at Charles Schwab, or Meryll Lynch
and get account info...


>Unless you are already doing all your encryption in a Faraday cage,
>I'd say that there is no conceivable point in using anything over a
>2000 bit key -- indeed, there is probably no point in using such a key
>even if you are doing all your encryption in a Faraday cage.

Well, I work for C3-Telos and we make several lines of ruggedized
portable tempest capable equipment (like the one I am typing on).

>The benefit is minimal, and the cost, in terms of dramatically slowed
>performance, is very high. Using an 8000 bit key is like claiming you
>are stronger than the enemy because whereas he only has enough nuclear
>weapons to vaporize your city 15 times over you have enough to
>vaporize his 90 times over.

I don't need an 8000 bit key, but, I don't want the pgp-key-server
barfing on a 4096 bit key that I feel I need.
How can you put a price on someones life. You don't know
there situation. (think about OJ and fooling around with his wife)

Tim May says:
>If this was tongue in cheek, I missed it. Nobody in their right mind
>will try a brute force attack on a 1024-bit key, let alone a 1200- or
>2000-bit key. Unless there are flaws in PGP and/or RSA we haven't
>heard about.

So you or I won't try the crack. But then there are all those people who
are being paid from tax dollars to do nothing else but crack.
And all those high priced computers paid for with tax dollars
to do the cracking with.
Do you think they will just close up shop and sell off the equipment?

Yes, there are flaws. (some call them design compromises)
Why known text in the Idea data area?
Why CFB mode vs CBC mode?
Peter Gutman's SFS documentation makes reference to a class
of weak IDEA keys. What are they? And what do they do?


>As for lotto, simple calculations tell anyone that the best way to win
>is not to play. The return _at best_ is 30 or 40 cents on the
>dollar, with the rest going to all the various programs the lotto is
>supposed to support. The more you play, the more you lose.

I don't advocate that you play the lotto.
I am pointing out a fact that the lotto people use/say/claim to get
people to play their game and thus give them money.

>(I think gambling is a perfectly fine "tax on stupidity," collecting
>money from the gullible. However, banning gambling by private citizens
>while having the government run their own casinos and lotteries is
>crummy. It's government at its worst.)

I agree almost 100%






Thread