1996-02-01 - Re: Crypto-smart-card startup Inside Technologies

Header Data

From: jim bell <jimbell@pacifier.com>
To: Peter Monta <cypherpunks@toad.com
Message Hash: e3a577d8018a56f64b6b196eaf8ffc7e9053296319ce5ee0ded40f5398fb3741
Message ID: <m0ti503-0008zrC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-02-01 20:59:38 UTC
Raw Date: Fri, 2 Feb 1996 04:59:38 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Fri, 2 Feb 1996 04:59:38 +0800
To: Peter Monta <cypherpunks@toad.com
Subject: Re: Crypto-smart-card startup Inside Technologies
Message-ID: <m0ti503-0008zrC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

At 09:41 PM 1/31/96 -0800, Peter Monta wrote:
>jim bell <jimbell@pacifier.com> writes:
>
>> >  [ Inside Technologies ]
>> >  ..."In public-key cryptography, 512-bit keys are typical and
>> >  already vulnerable.  So we are looking at 640-bit-long keys
>> >  supported by a scalable design."
>> 
>> This kind of thing disgusts me.  We already know 512-bit keys are weak.  As
>> I recall, I was told that 512 bit keys could be cracked in 20,000
>> MIPS-years.  If the ballpark formula holds that adding 10 bits doubles the
>> security, that merely means that 640 bits is 2**(128/10) or 8000 times
>> strong.  While obviously better than 512, it is not ENOUGH better to make me
>> confident that this is a long-term secure length.  768 or 1024 bits should
>> be considered the minimum.  A deliberate design of 640 bits makes it look
>> like it's intended to be crackable in 5-10 years, much as DES was suspected
>> of a similar design decision in limiting its keylength to 56 bits.
>
>But the "scalable design" presumably means the hardware can deal
>with a variety of modulus lengths.  As you say, they would be
>short-sighted to make a fixed choice.

I hope you're right about this.  But there's something to keep in mind.  
Let's suppose that in 10 years 640 bits are "easily" cracked.  Anybody with 
the storage (money) to keep all these messages will have the power to sort 
through everything you said in 1996, '10 years later.'  Who has the money to 
even store these messages, as well as the inclination?
You guessed it, the government.

I realize that it is arguable that this would be possible, no matter what 
keylength is chosen.  True, someday 1024-bit keys might be easily cracked, 
but that will probably be 30-50 years from now, not 10.  In other words, 
"stretching" the technology today on the "encrypt" side makes storing these 
messages far less attractive, meaning that the government will have less 
motivation to do it, and will not be able to make the effort pay off for a 
few more decades.

I would like to see laws:

1.  Prohibiting the government from storing encrypted messages it can't 
currently decrypt for over, say, a couple of years.

1a.  Prohibiting any USE by the government of such messages obtained and 
stored by other entities, including individuals and private corporations, 
without the express permission of the sender AND receiver of the message.

2.  Prohibiting the government from even ATTEMPTING to decrypt a 
domestically-obtained encrypted message, without a warrant which is 
simultaneously given to the source of the message:  In other words, alerting 
him to the government's interest.


This is just a start.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMREY2/qHVDBboB2dAQGZdgP+MjIK02fU6iysN77g1aWb1gx9bzDrZoh4
ePWmd9RRD3gnzYOSIng5dRCxEpT+0Cqe4cFQEqbD6GhHlfNOKwkTU/LAfhvOdKpo
QJ9t93Af3aCaLtFmtXyj1Ce20GNqkp7qqP5DLKjYSEH/bR64aTA0pfZ70aes/8C1
w1AYLdvglXA=
=p+3A
-----END PGP SIGNATURE-----






Thread