1996-07-21 - Re: A Snake-Oil FAQ

Header Data

From: David Sternlight <david@sternlight.com>
To: The Deviant <WlkngOwl@unix.asb.com>
Message Hash: 06be14d082e395bf3d9a90644624ac6507aae98f2838af17a45c494b497672a9
Message ID: <v03007607ae1800d8c5b1@[]>
Reply To: <199607202058.QAA19736@unix.asb.com>
UTC Datetime: 1996-07-21 17:58:52 UTC
Raw Date: Mon, 22 Jul 1996 01:58:52 +0800

Raw message

From: David Sternlight <david@sternlight.com>
Date: Mon, 22 Jul 1996 01:58:52 +0800
To: The Deviant <WlkngOwl@unix.asb.com>
Subject: Re: A Snake-Oil FAQ
In-Reply-To: <199607202058.QAA19736@unix.asb.com>
Message-ID: <v03007607ae1800d8c5b1@[]>
MIME-Version: 1.0
Content-Type: text/plain

At 11:03 PM -0700 7/20/96, The Deviant wrote:

>>                           Snake-Oil Warning Signs
>>                         Encryption Software to Avoid
>>                               (Revision 0.1)
>Looks very nicely done.  I think you pretty much covered it... but...
>> Be wary of marketing gimmicks related to "if you can crack our
>> software" contests.
>Even the best cryptographers and security professionals have done this.
>RSA did it with their Public Key system, which took 20+ years to break.
>Throughout history, many security mechanisms, even the best ones,
>including Cyphers, Locks, Firewalls, etc. have been known to go as far as
>to offer prizes (some extremely high, upwards of a million dollars, some
>as low as RSA's famous $100 prize)
>I think that this one really is just a bit too broad.

So is your comment. What was broken was not public key, but a particular
key length (and by implication shorter ones). You can do that with just
about any system, even a one-time pad, by brute force, but it won't buy you
much more than sharpening your skills, for longer keys.

One particular public key algorithm (you aren't too specific here) WAS
broken a few years ago, but that was not RSA and isn't used any longer. If
memory isn't playing tricks on me it was the knapsack algorithm.