From: solman@MIT.EDU
To: tcmay@netcom.com (Timothy C. May)
Message Hash: e5ca6852f50a280812128f40bd00a9291176b43c01ba82f618e8398e3d102b8c
Message ID: <9407150728.AA13904@ua.MIT.EDU>
Reply To: <199407141909.MAA01482@netcom9.netcom.com>
UTC Datetime: 1994-07-15 07:29:01 UTC
Raw Date: Fri, 15 Jul 94 00:29:01 PDT
Subject: Re: Key length security (calculations!)
MIME-Version: 1.0
Content-Type: text/plain

> > Still sounds pretty safe so far... if it really takes at least 20,000 times
> > as long to crack a 1024 bit modulus, then it would still take the 7400 C.E.
> > (Cray Equivalent) computer 24 years to crack a 1024 bit number. BUT, the
> > biggest worry is that no one knows how good the NSA's factoring algorithms
> > are. I read recently that the NSA is the world's largest employer of
> > mathematicians. The relative improvement in factoring algorithms since the
>
> Not to attack Doug's point, which has validity here (that we don't
> know what factoring advances NSA may have made), but I personally
> think the combined capabilities of "public domain mathematicians" are
> now far greater than what NSA has. Shamir, Odlyzko, Blum, Micali,
> Rackoff, Goldwasser, Solovay, Berlekamp, etc., are top-flight
> researchers, publishing many papers a year on these topics. It is
> unlikely that some GS-14 mathematicians at the Fort, not able to
> publish openly, have made much more progress. I think the resurgence
> of crypto in the 70s, triggered by public key methods and fueled by
> complexity theory breakthrough, caused a "sea change" in inside
> NSA-outside NSA algorithm expertise.
I disagree with this, and I would cite as a case in point the fact
that differential cryptanalytic attacks were not "discovered" until
1990 while a relatively small team of IBM cryptologists had it back
in 1974 when they made DES. NSA apparently had it before then.
This is why I would rather find a fast secure multiple DES method
based on splitting and not have to use IDEA which is so new. Before I
was born, NSA knew all of these things which were not figured out
by the academic community until this decade. (Of course they could
also know of some sort of back door, but I think that the fact that
NSA knew of differential cryptography and let an algorithm immune to
it pass while they lowered the key size says something about DES's
security against attacks the academic community hasn't figured out yet.)
The bottom line is that NSA has demonstrated that they can outperform
academia without public reviews of their method (LEAFs aside for the
moment [government agencies are after all required to do several stupid
things each year]).
Cheers,
JWS