From: Declan McCullagh <declan@well.com>
Date: Wed, 5 Jun 1996 01:54:09 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: CWD: "Jacking in from the "One that Got Away" Port
In-Reply-To: <199606040610.XAA02467@mail.pacifier.com>
Message-ID: <Pine.3.89.9606040505.A13202-0100000@well>
MIME-Version: 1.0
Content-Type: text/plain


Yeah, we fucked up here and are getting rightfully flamed.

A more accurate way to say this would be something like:

1024-bit RSA is as hard to crack as three nested iterations of 56-bit DES.
The key length for symmetric-key cryptosystems isn't comparable to the key
length for public key cryptosystems. 

And now that I'm at it, I'm now told that it was a Captain Marvel decoder 
ring.

Apologies, all.

-Declan


> > That key length stuff is just so much gibberish to those playing
> > without a scorecard, so let me drill down on it for you.  Basically,
> > the longer the key length, the harder it is for a message to be broken
> > by "brute force" automated attacks.  Current U.S. laws prohibit the
> > export of any encryption device with a key length longer than 40-bits,
> > or roughly the equivalent of  Captain Crunch decoder ring. For hardcore
> > math types, I'm told that a 1024-bit key length is 10 to the 296th
> > power more difficult to break than 40 bits.
> 
> I sure do wish they'd get things like this a bit more accurate...  Oh, well, 
> I suppose it doesn't really matter...
> 
> 
> Jim Bell
> jimbell@pacifier.com
>