1993-08-31 - Re: Apple, privacy, and AOCE

Header Data

From: collins@newton.apple.com (Scott Collins)
To: greg@ideath.goldenbear.com (Greg Broiles)
Message Hash: 54c3040a5d063847a4e6b414c33a052b5f0d44c8dbda733bfcc61a514847bb11
Message ID: <9308311334.AA07407@newton.apple.com>
Reply To: N/A
UTC Datetime: 1993-08-31 13:46:31 UTC
Raw Date: Tue, 31 Aug 93 06:46:31 PDT

Raw message

From: collins@newton.apple.com (Scott Collins)
Date: Tue, 31 Aug 93 06:46:31 PDT
To: greg@ideath.goldenbear.com (Greg Broiles)
Subject: Re: Apple, privacy, and AOCE
Message-ID: <9308311334.AA07407@newton.apple.com>
MIME-Version: 1.0
Content-Type: text/plain


  >I found the idea that RSADSI will be generating folks' key pairs
  >particularly chilling.

What I gathered from actually using this software is that you personally
generate a key pair, on your own machine, and then transparently send your
public key to RSADSI.  Some time later, you receive a certificate (with an
expiration date) that allows your 'signer' to function.  RSADSI does not
make, or even see, your private key.


  >The article accompanying these sidebars suggests that folks' private keys
  >will be stored on the server;

My understanding is that address books on the [optional] servers may have
copies of certificates, for people who have certificates and want them
published.


  >the article [...] must be the result of miscommunication

yes


  >The NSA recently signed an agreement with the Software Publishers
  >Association that will provide expedited approval of RC-4 encryption based
  >on 40-bit keys.

Not surprising, since a pre-computation attack allowing a direct key lookup
against RC-4 with 40 bit keys is economically feasible for anyone who can
afford a CD-ROM jukebox (128 mips-years of computation + 8 terabytes of
storage).


  >NSA [...] will allow slightly more-powerful scrambling capabilities
  >[in AOCE] AOCE uses 64-bit keys, and larger keys mean better security.

This could mean anything.  They might actually be using 64 bit keys (which
would be good, although 80 bits is recommended), or they might be using 40
bit keys with 24 bits of salt (or worse: 32 and 32).  Salted keys (key+salt
of sufficient size), stop the precomputed attack, but if the actual key
size, without salt, is still only 40 bits, then exhaustive search of the
keyspace, after the salt has been seen, will only take 64 mips-years.


Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things."     -- Willy Wonka
......................|................................................
BUSINESS.   voice:408.862.0540  fax:974.6094   collins@newton.apple.com
Apple Computer, Inc.   1 Infinite Loop, MS 301-2C   Cupertino, CA 95014
.......................................................................
PERSONAL.   voice/fax:408.257.1746    1024:669687   catalyst@netcom.com






Thread