From: jim bell <jimbell@pacifier.com>
To: Peter Monta <cypherpunks@toad.com
Message Hash: e3a577d8018a56f64b6b196eaf8ffc7e9053296319ce5ee0ded40f5398fb3741
Message ID: <m0ti503-0008zrC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-02-01 20:59:38 UTC
Raw Date: Fri, 2 Feb 1996 04:59:38 +0800
From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Feb 1996 04:59:38 +0800
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Crypto-smart-card startup Inside Technologies
Message-ID: <m0ti503-0008zrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
At 09:41 PM 1/31/96 -0800, Peter Monta wrote:
>jim bell <jimbell@pacifier.com> writes:
>
>> > [ Inside Technologies ]
>> > ..."In public-key cryptography, 512-bit keys are typical and
>> > already vulnerable. So we are looking at 640-bit-long keys
>> > supported by a scalable design."
>>
>> This kind of thing disgusts me. We already know 512-bit keys are weak. As
>> I recall, I was told that 512 bit keys could be cracked in 20,000
>> MIPS-years. If the ballpark formula holds that adding 10 bits doubles the
>> security, that merely means that 640 bits is 2**(128/10) or 8000 times
>> strong. While obviously better than 512, it is not ENOUGH better to make me
>> confident that this is a long-term secure length. 768 or 1024 bits should
>> be considered the minimum. A deliberate design of 640 bits makes it look
>> like it's intended to be crackable in 5-10 years, much as DES was suspected
>> of a similar design decision in limiting its keylength to 56 bits.
>
>But the "scalable design" presumably means the hardware can deal
>with a variety of modulus lengths. As you say, they would be
>short-sighted to make a fixed choice.
I hope you're right about this. But there's something to keep in mind.
Let's suppose that in 10 years 640 bits are "easily" cracked. Anybody with
the storage (money) to keep all these messages will have the power to sort
through everything you said in 1996, '10 years later.' Who has the money to
even store these messages, as well as the inclination?
You guessed it, the government.
I realize that it is arguable that this would be possible, no matter what
keylength is chosen. True, someday 1024-bit keys might be easily cracked,
but that will probably be 30-50 years from now, not 10. In other words,
"stretching" the technology today on the "encrypt" side makes storing these
messages far less attractive, meaning that the government will have less
motivation to do it, and will not be able to make the effort pay off for a
few more decades.
I would like to see laws:
1. Prohibiting the government from storing encrypted messages it can't
currently decrypt for over, say, a couple of years.
1a. Prohibiting any USE by the government of such messages obtained and
stored by other entities, including individuals and private corporations,
without the express permission of the sender AND receiver of the message.
2. Prohibiting the government from even ATTEMPTING to decrypt a
domestically-obtained encrypted message, without a warrant which is
simultaneously given to the source of the message: In other words, alerting
him to the government's interest.
This is just a start.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMREY2/qHVDBboB2dAQGZdgP+MjIK02fU6iysN77g1aWb1gx9bzDrZoh4
ePWmd9RRD3gnzYOSIng5dRCxEpT+0Cqe4cFQEqbD6GhHlfNOKwkTU/LAfhvOdKpo
QJ9t93Af3aCaLtFmtXyj1Ce20GNqkp7qqP5DLKjYSEH/bR64aTA0pfZ70aes/8C1
w1AYLdvglXA=
=p+3A
-----END PGP SIGNATURE-----
Return to February 1996
Return to “Simon Spero <ses@tipper.oit.unc.edu>”