From: Adam Shostack <adam@bwh.harvard.edu>
Date: Wed, 6 Jul 94 11:34:40 PDT
To: tcmay@netcom.com (Timothy C. May)
Subject: Re: Windows for Workgroups 3.11
In-Reply-To: <199407061715.KAA16045@netcom7.netcom.com>
Message-ID: <199407061734.NAA01905@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain


Tim May writes:

| But something to remember is that RSA Data Security Inc. has been
| concentrating on signing deals with Microsoft, Apple, Lotus, IBM,
| WordPerfect, Oracle, etc., to include strong crypto in their products.

	They also license Sun, who cut the modulus too low for 'secure
RPC.'  This allowed Brian LaMacchia and Andrew M. Odlyzko to
crytpanalyze secure RPC.

	Paying RSA money does not magically create a secure system for
you.  It merely licenses their patents, which can be a very solid base
on which to build.

Adam


>From: "Brian A. LaMacchia" <bal@martigny.ai.mit.edu>
>Cc: cypherpunks@toad.com
>In-Reply-To: Eric Hughes's message of Fri, 20 May 94 09:55:36 -0700,
>	<9405201655.AA11052@ah.com>
>
>Right.  Basically, what we found was that you needed the same amount of
>computation to factor a (k+10)-digit composite as to compute discrete
>logarithms in a field with k-digit modulus p.  The discrete log problem
>is brittle---you do a lot of precomputation for a particular modulus p
>and then finding individual discrete logs in GF(p) is easy---so you
>need to think carefully about the lifetime of the information you're
>going to encrypt and choose the size of your modulus accordingly.
>
>					--bal

@article{nfscrack,
   author = {Brian A. LaMacchia and Andrew M. Odlyzko},
   journal = {Designs, Codes, and Cryptography},
   pages = {46--62},
   title = {Computation of Discrete Logarithms in Prime Fields},
   volume = {1},
   year = {1991},
}




-- 
Adam Shostack 				       adam@bwh.harvard.edu

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.