1996-07-21 - Re: A Snake-Oil FAQ

Header Data

From: David Sternlight <david@sternlight.com>
To: The Deviant <WlkngOwl@unix.asb.com>
Message Hash: 06be14d082e395bf3d9a90644624ac6507aae98f2838af17a45c494b497672a9
Message ID: <v03007607ae1800d8c5b1@[192.187.162.15]>
Reply To: <199607202058.QAA19736@unix.asb.com>
UTC Datetime: 1996-07-21 17:58:52 UTC
Raw Date: Mon, 22 Jul 1996 01:58:52 +0800

Raw message

From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:58:52 +0800
To: The Deviant <WlkngOwl@unix.asb.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID: <v03007607ae1800d8c5b1@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 11:03 PM -0700 7/20/96, The Deviant wrote:

>>
>>                           Snake-Oil Warning Signs
>>                         Encryption Software to Avoid
>>
>>                               (Revision 0.1)
>>
>>
>
>Looks very nicely done.  I think you pretty much covered it... but...
>
>>
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.
>>
>
>Even the best cryptographers and security professionals have done this.
>RSA did it with their Public Key system, which took 20+ years to break.
>Throughout history, many security mechanisms, even the best ones,
>including Cyphers, Locks, Firewalls, etc. have been known to go as far as
>to offer prizes (some extremely high, upwards of a million dollars, some
>as low as RSA's famous $100 prize)
>
>I think that this one really is just a bit too broad.

So is your comment. What was broken was not public key, but a particular
key length (and by implication shorter ones). You can do that with just
about any system, even a one-time pad, by brute force, but it won't buy you
much more than sharpening your skills, for longer keys.

One particular public key algorithm (you aren't too specific here) WAS
broken a few years ago, but that was not RSA and isn't used any longer. If
memory isn't playing tricks on me it was the knapsack algorithm.

David

Thread

• Return to July 1996

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “David Sternlight <david@sternlight.com>”
• Return to ““Deranged Mutant” <WlkngOwl@unix.asb.com>”
• Return to “dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)”
• Return to “ichudov@algebra.com (Igor Chudov @ home)”
• Return to “Jeremey Barrett <jeremey@forequest.com>”
• Return to “Simon Spero <ses@tipper.oit.unc.edu>”
• Return to “Steven L Baur <steve@miranova.com>”

• Return to “The Deviant <deviant@pooh-corner.com>”

• 1996-07-20 (Sun, 21 Jul 1996 07:21:54 +0800) - A Snake-Oil FAQ - “Deranged Mutant” <WlkngOwl@unix.asb.com>
  • 1996-07-21 (Sun, 21 Jul 1996 16:01:51 +0800) - Re: A Snake-Oil FAQ - The Deviant <deviant@pooh-corner.com>
    • 1996-07-21 (Mon, 22 Jul 1996 03:51:05 +0800) - Re: A Snake-Oil FAQ - Jeremey Barrett <jeremey@forequest.com>
    • 1996-07-21 (Mon, 22 Jul 1996 04:51:38 +0800) - Re: A Snake-Oil FAQ - Steven L Baur <steve@miranova.com>
  • 1996-07-21 (Mon, 22 Jul 1996 01:58:52 +0800) - Re: A Snake-Oil FAQ - David Sternlight <david@sternlight.com>
    • 1996-07-21 (Mon, 22 Jul 1996 06:35:25 +0800) - Re: A Snake-Oil FAQ - Simon Spero <ses@tipper.oit.unc.edu>
      • 1996-07-21 (Mon, 22 Jul 1996 07:38:52 +0800) - Re: A Snake-Oil FAQ - The Deviant <deviant@pooh-corner.com>
      • 1996-07-22 (Mon, 22 Jul 1996 08:49:00 +0800) - Re: A Snake-Oil FAQ - dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
        • 1996-07-22 (Mon, 22 Jul 1996 14:44:24 +0800) - Re: A Snake-Oil FAQ - ichudov@algebra.com (Igor Chudov @ home)
    • 1996-07-22 (Mon, 22 Jul 1996 12:17:37 +0800) - Re: A Snake-Oil FAQ - David Sternlight <david@sternlight.com>
      • 1996-07-22 (Mon, 22 Jul 1996 13:49:43 +0800) - Re: A Snake-Oil FAQ - Simon Spero <ses@tipper.oit.unc.edu>
      • 1996-07-22 (Mon, 22 Jul 1996 17:21:19 +0800) - Re: A Snake-Oil FAQ - David Sternlight <david@sternlight.com>
        • 1996-07-22 (Mon, 22 Jul 1996 17:19:36 +0800) - Re: A Snake-Oil FAQ - Simon Spero <ses@tipper.oit.unc.edu>
  • 1996-07-21 (Mon, 22 Jul 1996 05:54:44 +0800) - Re: A Snake-Oil FAQ - Adam Shostack <adam@homeport.org>