From: Bill Stewart <bill.stewart@pobox.com>
Date: Tue, 20 Jan 1998 16:29:51 +0800
To: Ryan Lackey <matt.barrie@stanford.edu>
Subject: Re: (eternity) Eternity as a secure filesystem/backup medium
In-Reply-To: <3.0.5.32.19980117194905.008024e0@pobox1.stanford.edu>
Message-ID: <3.0.5.32.19980118221351.0083a220@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 09:33 AM 1/18/98 EST, Ryan Lackey wrote:
>Documents by specification last only as long as someone is willing to pay
>to keep them up.  This is not necessarily forever.  

But it can be, and the costs of doing so aren't much higher than
storing it for the first couple of years.  Depends on what service
the customer wants to buy.  And there are applications that
require more than 100 years of data protection, e.g. ownership
of copyrights which last 50 years beyond the author's death.

But for Matt Barrie's question, any permanent document will do.
>> Can we assume that using Moore's law this is at
>> least 1 bit every 18 months for symmetric crypto? 
>Do the math, though, for 128bit.  There are traditional analyses 
>which include the amount of silicon on the earth, the number of atoms
>in the universe, etc.  The general consensus is that traditional 
>techniques are not feasible for brute forcing 128bit ciphers before 
>the heat death of the universe.

Hard to say.  Assuming that Quantum Cryptography doesn't allow
finite-sized computers to do large exponentially complex calculations
in short finite time, you're probably limited by the number of atoms
in the available supply of planets, and Heisenberg may still get you
if that's not a low enough limit.  Moore's law isn't forever.
But there's no particular reason to limit RC4 or RC5 to 128 bits;
those are convenient sizes for MD5 hashes of passphrases.
So if you're paranoid, use RC4-256 and superencrypt with 5-DES.
				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639