From: Adam Shostack <adam@homeport.org>
Date: Sat, 9 Dec 95 13:48:12 PST
To: jimbell@pacifier.com (jim bell)
Subject: Re: More FUD from First Virtual
In-Reply-To: <m0tOVMF-000927C@pacifier.com>
Message-ID: <199512092151.QAA05278@homeport.org>
MIME-Version: 1.0
Content-Type: text


jim bell wrote:

[Good points about cost of transactions deleted]

| The answer, I think, it that there would be no problem finding people to
| take that risk in exchange for the return, ESPECIALLY if they have some
| input into the design (level of security) of the system.  They might insist
| on 2048-bit RSA keys, instead of 1024-bit, for example.

	(I know its only an example, but...)

	Key length is not what is needed for better security; more
solid code and better interfaces are needed.  (I might also argue for
hardware keys that are more difficult to steal..)

	Cryptosystems fail because of bad storage of keys, coding
mistakes, accidentally writing passphrases to disk during a swap, etc.
Moving to 2048 bit keys is no help if you lose the key to a
non-cryptanalytic attack.  Moving to keys with a week or day lifetimes
might be better.  

	You need to figure how the system might fail, and design to
protect yourself from those failures.  Keys with a thousand bits
aren't lost to factoring very often.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume