From: Black Unicorn <unicorn@schloss.li>
To: Adam Shostack <adam@homeport.org>
Message Hash: 48938995b9a722fd23de80cae32221ae09b49ac0d0241c3a9ff4d143180ff9b7
Message ID: <Pine.SUN.3.96.970513104902.9012W-100000@polaris.mindport.net>
Reply To: <199705131154.HAA20161@homeport.org>
UTC Datetime: 1997-05-13 15:29:25 UTC
Raw Date: Tue, 13 May 1997 23:29:25 +0800
Subject: Re: The War is Underway (fwd)
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 13 May 1997, Adam Shostack wrote:
> Black Unicorn wrote:
>
> | > Systems that use randomly generated keys are
> | > limited only by the amount of available entropy, but then the passphrase
> | > security to encrypt the secret key or physical security become important.
> | > Using excessively long keys does not do much for security, as there are
> | > always going to be weaker links that an attacker can take advantage of.
> | > It doesn't hurt to use a 256-bit key, or larger, but it doesn't do much
> | > good, either.
> |
> | Again, you have taken an important concept, total security, and reversed
> | it. Instead of aiming to make each link as strong as possible, you have
> | aimed to design around the weakest link.
> |
> | This is a serious mistake in my view.
>
> I disagree with your approach. In the real world, budgets are
> limited, time is limited, the pool of really decent people on any
> given project is small. Fixing or strengthening the weakest link is
> my usual approach to these things. Not as nice as having a
> bulletproof design from the start, but there aren't enough smart
> cypherpunks out there consulting. (More on that in another post.)
I concede this general point, but in context it does not stand up.
Specifically we were referring to the trade off between cipher keylength
and password size.

It was proposed that because people were unlikely to deal with passwords
large enough to fill the key with e.g., 128 bits of entropy, that it was
worthless to bother with 128 bit symmetric ciphers. I find this a hard
position to support.
>
> | It costs little today to develop a cipher with larger keyspace. (DES with
> | independent subkeys already exists and has a basic keyspace of 768 bits.
> | A meet in the middle attack reduces keyspace to 2^384. Schneier discusses
> | the cipher briefly). If users are willing to deal with large keys (I
> | certainly am) then software designers are restraining a more secure
> | implementation.
>
> It takes an academic cryptographer about 6 months to develop a
> cipher. Most academics don't see a point to moving beyond the 448
> bits available in Blowfish.
Ok, where are the 256+ bit blowfish implementations?
> Adam
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist Switzerland
Rebel Directive #7:Avoid soccer games when a government assault threatens.
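
The meet-in-the-middle reduction mentioned in the thread above (768 bits of independent subkeys falling to 2^384), shown at toy scale as an added example that is not part of the original message. The 4-round Feistel cipher, its hash-based round function, the 6-bit subkeys and the key and plaintext values are all constructed for illustration; the point for anyone sizing keys is that the 24-bit nominal key is recovered with about 2^13 partial computations plus a 2^12-entry table.

```python
import hashlib
from itertools import product

KEY_BITS = 6   # bits per independent round subkey (toy size; DES uses 48)
ROUNDS = 4     # toy round count (DES uses 16)

# Constructed round function: F[k][r] is a pseudo-random byte for subkey k, half-block r.
F = [[hashlib.sha256(bytes([k, r])).digest()[0] for r in range(256)]
     for k in range(1 << KEY_BITS)]

def forward(block, subkeys):
    """Apply one Feistel round per subkey to a 16-bit block."""
    left, right = block >> 8, block & 0xFF
    for k in subkeys:
        left, right = right, left ^ F[k][right]
    return (left << 8) | right

def backward(block, subkeys):
    """Undo the rounds for `subkeys` (given in encryption order)."""
    left, right = block >> 8, block & 0xFF
    for k in reversed(subkeys):
        left, right = right ^ F[k][left], left
    return (left << 8) | right

def meet_in_the_middle(pairs):
    """Return every subkey tuple consistent with the known (plaintext, ciphertext) pairs."""
    halves = list(product(range(1 << KEY_BITS), repeat=ROUNDS // 2))
    table = {}
    for first in halves:    # encrypt halfway under every first-half key
        mid = tuple(forward(p, first) for p, _ in pairs)
        table.setdefault(mid, []).append(first)
    found = []
    for second in halves:   # decrypt halfway under every second-half key
        mid = tuple(backward(c, second) for _, c in pairs)
        found.extend(first + second for first in table.get(mid, []))
    return found, 2 * len(halves)   # candidates, number of half-cipher key trials

def demo():
    secret = (0x2A, 0x07, 0x31, 0x1C)   # constructed 4 x 6-bit key
    pairs = [(p, forward(p, secret)) for p in (0x0000, 0x1234, 0xBEEF)]
    found, trials = meet_in_the_middle(pairs)
    return secret, found, trials

if __name__ == "__main__":
    secret, found, trials = demo()
    print(f"nominal key {ROUNDS * KEY_BITS} bits, key trials {trials}, "
          f"secret recovered: {secret in found}")
```

Three known pairs give 48 bits of filtering against 2^24 candidate keys, so false matches are very unlikely; with fewer pairs the candidate list grows and needs a further check.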