From: Bryan Waters <waters@ultimateprivacy.com>
To: Ryan Lackey <rdl@MIT.EDU>
Message Hash: d6d2f52f10599db7f9687284e63f29113ca5cb784818ebe9dc8ff9dd420f3bc3
Message ID: <199807202023.QAA08696@omniwork.com>
Reply To: <199807201732.NAA25239@denmark-vesey.MIT.EDU>
UTC Datetime: 1998-07-20 20:24:01 UTC
Raw Date: Mon, 20 Jul 1998 13:24:01 -0700 (PDT)
From: Bryan Waters <waters@ultimateprivacy.com>
Date: Mon, 20 Jul 1998 13:24:01 -0700 (PDT)
To: Ryan Lackey <rdl@MIT.EDU>
Subject: Re: 3DES weak because DES falls to brute-force? (was Re: John Gilmore...)
In-Reply-To: <199807201732.NAA25239@denmark-vesey.MIT.EDU>
Message-ID: <199807202023.QAA08696@omniwork.com>
MIME-Version: 1.0
Content-Type: text/plain
>I don't find it useful to worry about possible new general cryptanalytic
>breakthroughs: it is basically impossible to defend against them. In
>the face of an attacker who has infinite secret cryptanalytic ability
>(within the bounds of what can be done brute-force wise) only an OTP
>would be useful, but we are talking long-term archival here.. I don't
>see how an OTP helps us. If we have a secure vault to lock the pads up
>in until either a) the heat death of the universe, or b) the Big Crunch
>then we may as well just put the plaintext in there and be done with
>it. As I see it, OTP are only workable in communications, and then
>obviously in a limited manner.
>
Are we talking long-term archival? I'm more concerned about someone
grabbing communications in transit, storing them and throwing chips and
mathematicians at it.
If the government comes with the search warrant, then I should have already
deleted the file if I didn't want it available. If someone wants to face
security guards or a gun by my bedside they can steal the archive. It's
the same rules as always. (except the theif must also have the math and
chips).
In the case of archive you have the protection of physical security and in
most cases the knowledge of when it has been breached -- It's a lot
friendlier than in communications where who knows what is going on between
the sender and recipient.
OTP is a pain, and is not effective for archival -- but it is the only way
I've seen to protect communications in excess of ~30 years.
Bryan Waters http://www.ultimateprivacy.com
Director of Marketing Voice: 512-305-0505 Fax: 512-305-0506
Ultimate Privacy Corporation 3925 W Braker Ln #305, Austin, TX, 78759
Return to July 1998
Return to “Ryan Lackey <rdl@mit.edu>”