From: Bill Stewart <stewarts@ix.netcom.com>
To: declan@well.com (Declan McCullagh)
Message Hash: c3b74843ca113ac0d5d721b153974329184fe97285e51d8da8d125849ce2483f
Message ID: <199606080749.AAA26078@toad.com>
Reply To: N/A
UTC Datetime: 1996-06-08 11:00:20 UTC
Raw Date: Sat, 8 Jun 1996 19:00:20 +0800
From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 8 Jun 1996 19:00:20 +0800
To: declan@well.com (Declan McCullagh)
Subject: Re: How to explain crypto?
Message-ID: <199606080749.AAA26078@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
At 01:50 PM 6/4/96 -0500, Declan wrote:
>For example, someone sent me this explanation:
> "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit
> symetric key. From memory, 1024 bit RSA is about as hard to crack as 90
> bit symetric."
>Is this a reasonable comparison?
It's probably close enough for anti-government work; the relative strength
depends a lot on whether you're using general-purpose computers or
custom crackerboxes, and on the state of the art in factoring technologies.
I'd be tempted to be verbose and say that public-key systems like RSA
use prime numbers for keys, so they need to be a lot longer than
secret-key algorithms like DES or RC4 which can use any number as a key but
need to keep it secret. You can double the cracking effort by adding
one bit to a secret key or about 10 to a public key.
500-bit public keys and 56-bit secret keys are about the limit of cracking
technology for organizations with a couple of million dollars spare for
supercomputers, which is your desktop in 5-10 years.
The NSA's Clipper Chip used 80-bit keys, which is about 20 years' protection
against people who can't use the built-in wiretap or bribe a cop to
get a warrant. One problem with these secret hardware designs is that you
usually can't tell if there's a back-door unless they tell you - or goof up
like they did with the Clipper's short checksum.
# Thanks; Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
# Dispel Authority!
Return to June 1996
Return to “Robert Hettinga <rah@shipwright.com>”