From: Adam Shostack <adam@bwh.harvard.edu>
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 1af2dd2f0ec43fe85f4828ce2da912d93188fb6a27c46dc2c4994612aa12b573
Message ID: <199509021859.OAA02093@bwh.harvard.edu>
Reply To: N/A
UTC Datetime: 1995-09-03 08:00:36 UTC
Raw Date: Sun, 3 Sep 95 01:00:36 PDT
From: Adam Shostack <adam@bwh.harvard.edu>
Date: Sun, 3 Sep 95 01:00:36 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Crypto '95
Message-ID: <199509021859.OAA02093@bwh.harvard.edu>
MIME-Version: 1.0
Content-Type: text/plain
Perry asked for an overview of Crypto '95. I missed the rump
session, so hopefully someone else will write about that.
The best talks were probably by Ross Anderson (Robustness
Principles for Public Key Protocols) and Adi Shamir (Myths and
Realities of Cryptography).
Since Anderson's paper is in the proceedings, I won't rehash
it here, but Shamir's talk is not, I present his 10 commandments of
Commercial Security:
1. Don't aim for perfect security.
2. Don't solve the wrong problem.
3. Don't try to sell security bottom up.
4. Don't use cryptographic overkill.
5. Don't make it complicated.
6. Don't make it expensive.
7. Don't use a single line of defense.
8. Don't forget the mystery attack.
(Know how to regenerate security when you don't know whats
going wrong.)
9. Don't trust systems.
10. Don't trust people.
In other news:
Richard Schroeppel, Hillarie Orman (and others) presented some
speedups to elliptic curve systems, based on fast calculation of
reciprocals. The speedup is about a factor of 3.
There were some interesting analysis of RC5, SAFER-K64.
Bruce Dodsen and Arjen Lenstra presented some interesting
results running NFS with four large primes. From their abstract:
"[factoring with 2 large primes] completion time can quite accurately
be predicted...For NFS such extrapolations seem to be impossible--the
number o useful combinations suddenly `explodes' in an as yet
unpredictable way, that we have not yet been able to understand
completely. The consequence of this is that NFS factoring is
substantially faster than expected, which implies that factoring is
somewhat easier than we thought."
Please note that that doesn't mean RSA has been broken, or
that they can factor products of large primes in their heads. It
means that there are speedups possible, but not enough that anyone
should be worrying about a 1024 bit key.
The best quote of the conference was doubtless Robert Morris,
Sr, reminding us of the first rule of cryptanalysis, "Don't forget to
look for plaintext."
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to September 1995
Return to “chen@intuit.com (Mark Chen)”