From: “Richard J. Coleman” <coleman@math.gatech.edu>
To: cypherpunks@toad.com
Message Hash: e7c0fa32717e5c50474b478b3c0ff7e1d3d9a2e430e12a5cb28efc0416b0bbd8
Message ID: <199602090057.TAA07854@redwood.skiles.gatech.edu>
Reply To: <199602081528.KAA11525@light.lightlink.com>
UTC Datetime: 1996-02-09 01:48:13 UTC
Raw Date: Fri, 9 Feb 1996 09:48:13 +0800
From: "Richard J. Coleman" <coleman@math.gatech.edu>
Date: Fri, 9 Feb 1996 09:48:13 +0800
To: cypherpunks@toad.com
Subject: Re: Report available: "Minimal Key Lengths for Symmetric Ciphers"
In-Reply-To: <199602081528.KAA11525@light.lightlink.com>
Message-ID: <199602090057.TAA07854@redwood.skiles.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain
> I downloaded this so-called "report". It doesn't even mentions PGP.
> Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA)
> want you to only use 90 bits for your keys and why they've never heard
> of PGP...
>
> Anyone who listens to crypto advice from people who's purpose in life
> is to listen to *YOU* gets what they deserve. I'll stay with PGP which
> has a 2048 bit key.
The group of 7 in question are definitely not `wannabes'. They are
about as knowledgeable a group as you could find outside of the NSA.
The report discussed the length of key needed for *symmetric*
crytosystems. As this pertains to PGP, it uses a 128 bit session key
for the IDEA symmetric algorithm. Not 2048.
Their recommendation was for a *minimum* of 90 bit keys for data
that must remain private for any length of time. Given the calculations
they stated, this seems reasonable.
Richard Coleman
coleman@math.gatech.edu
Return to February 1996
Return to ““Richard J. Coleman” <coleman@math.gatech.edu>”