1994-06-22 - Re: Unofficial Release

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: trollins@debbie.telos.com (Tom Rollins)
Message Hash: 458434c4fe2968158615b4f389fbedd889b00fdaa2970fe2ad20c649a7422372
Message ID: <9406221442.AA02745@snark.imsi.com>
Reply To: <9406221407.AA04259@debbie.telos.com>
UTC Datetime: 1994-06-22 14:42:25 UTC
Raw Date: Wed, 22 Jun 94 07:42:25 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Wed, 22 Jun 94 07:42:25 PDT
To: trollins@debbie.telos.com (Tom Rollins)
Subject: Re: Unofficial Release
In-Reply-To: <9406221407.AA04259@debbie.telos.com>
Message-ID: <9406221442.AA02745@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain



Tom Rollins says:
> Ahhhh, It is nice to know that people won't even TRY to crack
> big keys. Cracking, you know, is a lot like the lotto. You
> MIGHT guess the correct key on the first TRY. But, if you
> don't TRY, then you won't crack the key.
> 
> 	"Gotta play to win"

It is all a question of economics. Its one thing if your idle try has
one in 10^6 chance of working, but if its one in 10^70 or something
like that the attempt is pretty much pointless -- you are more likely
to have a giant sack of gold hit you on the head. Even spending a
penny on cracking something that way is uneconomical.

Playing the lottery is an economic lose, plain and simple. Your
expected return is a loss. Having a small number of your workstations
that are otherwise idle trying to crack a DES key that would make you
a million dollars is likely cost effective; your expected return is a
win. Unless the NSA knows something very interesting about factoring
that we don't (not merely an algorithm that is a constant factor of a
million faster, say), trying to crack a 2000 bit RSA key is without
question an economic lose. They could spend a lot less effort simply
getting your key via "practical cryptanalysis". 

There is therefore no point in using a cryptosystem which would cost
the enemy hundreds of billions of dollars to try to attack and then
type in your key on a machine who's keystrokes can be monitored using
$3000 in equipment. Which way would YOU try to get the keys, eh?

Unless you are already doing all your encryption in a Faraday cage,
I'd say that there is no conceivable point in using anything over a
2000 bit key -- indeed, there is probably no point in using such a key
even if you are doing all your encryption in a Faraday cage. The
benefit is minimal, and the cost, in terms of dramatically slowed
performance, is very high. Using an 8000 bit key is like claiming you
are stronger than the enemy because whereas he only has enough nuclear
weapons to vaporize your city 15 times over you have enough to
vaporize his 90 times over.

Perry





Thread