From: Adam Shostack <adam@homeport.org> Subject: Re: More FUD from First Virtual To: jimbell@pacifier.com (jim bell) Date: Sat, 9 Dec 1995 16:51:58 -0500 (EST) Cc: cypherpunks@toad.com
jim bell wrote:
[Good points about cost of transactions deleted]
| The answer, I think, it that there would be no problem finding people to | take that risk in exchange for the return, ESPECIALLY if they have some | input into the design (level of security) of the system. They might insist | on 2048-bit RSA keys, instead of 1024-bit, for example.
(I know its only an example, but...)
Key length is not what is needed for better security; more solid code and better interfaces are needed. (I might also argue for hardware keys that are more difficult to steal..)
Nonsense. The code is pretty solid, the interfaces aren't very difficult. What is needed is better human management of keys. Why brute-force, why look for weak keys, why bother calculating how much safer 2047-bit keys are rather than 1024-bit keys when someone can look on your HD and find your secret key, when they can open your desk drawer and find your pass phrase or password, when they can guess that you used your wife's maiden name as your password? Adam, I don't understand why you wrote nonsense in the first paragraph, then followed it up with textbook attacks such as:
Cryptosystems fail because of bad storage of keys, coding mistakes, accidentally writing passphrases to disk during a swap, etc. Moving to 2048 bit keys is no help if you lose the key to a non-cryptanalytic attack. Moving to keys with a week or day lifetimes might be better.
Moving the systems which automatically issue key revocation certificates, and coupling that with a wide distribution system would be the perfect match to such a scheme. Of course, that means that PGP et. al. needs to be more tightly integrated into existing mail software.