1996-02-08 - Re: Report available: “Minimal Key Lengths for Symmetric Ciphers”

Header Data

From: “Karl A. Siil” <karl@cosmos.att.com>
To: cypherpunks@toad.com
Message Hash: 6052947e362f85d669a6831dc48cc29a286b2cc05bf73ea0420d647b0c87668d
Message ID: <2.2.32.19960208191353.006f1e74@135.20.124.11>
Reply To: N/A
UTC Datetime: 1996-02-08 20:05:48 UTC
Raw Date: Fri, 9 Feb 1996 04:05:48 +0800

Raw message

From: "Karl A. Siil" <karl@cosmos.att.com>
Date: Fri, 9 Feb 1996 04:05:48 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
Message-ID: <2.2.32.19960208191353.006f1e74@135.20.124.11>
MIME-Version: 1.0
Content-Type: text/plain


At 10:28 AM 2/8/96 -0500, anonymous@freezone.remailer wrote:
>I downloaded this so-called "report". It doesn't even mentions PGP.
>Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
>want you to only use 90 bits for your keys and why they've never heard
>of PGP...
>
>Anyone who listens to crypto advice from people who's purpose in life
>is to listen to *YOU* gets what they deserve. I'll stay with PGP which
>has a 2048 bit key.

Ummm, apples and oranges. The report focused on symmetric-key algorithms.
Also, the recommendation was for a *minimum* of 90 bits. I'm sure the
authors would be ecstatic to see *128-bit* (not 2048) IDEA like PGP (or does
PGP encrypt with RSA, too? I thought it only used RSA for signing. I admit
it. I don't know). The purpose of the report was not "90 bits is good." It
was "40 bits is *really* bad."

                                        Karl






Thread