At 23:17 01.19.1996 -0800, Timothy C. May wrote:
Like many, I take it for granted that 40-bit RC4 can be broken for "small change." Moreover, my guess is that foreign traffic is routinely cracked if it is encrypted.
On Friday morning, Whit Diffie took five minutes to announce a report that he and other big names (including Rivest, Wiener, etc.) produced a week or two ago in Chicago. The subject of the report was recommended minimum symmetric key lengths... the paper should be published at http://www.bsa.org (Whit threatened them if they didn't get it up by Monday morning<g>, but the BSA site currently just says that they'll add a pointer to the report within the next week). To avoid keeping everyone in suspense, here's the basic result Diffie announced: the world's leading cryptographers (outside the walls of the NSA) agree that 75-bit keys are the minimum (I think this was for protecting commercial communications). To build in time-sensitivity, add one bit per year... i.e. if the information needs to be kept secret for 20 years, use at least 95 bits. That said, talk to the NSA about 40-bit keys -- and to Lotus about its max. 64-bit keys, for that matter! When he made the announcement on Wednesday morning, Ray Ozzie (of Notes fame) knew he might get flak about keeping Notes at 64 bits, so as soon as he mentioned it he added a phrase something like (going from memory) 'but let's leave aside for now the question about whether 64 bits is enough.' Interesting comment in light of Diffie et al's answer announced two days later. :-/ In answer to a question from the floor, Ozzie did say that yes, the agreement reached with the NSA was scalable -- IOW, that you could use 128-bit keys and give the government 88 of them, instead of 64-and-give-24 -- but in retrospect I wonder whether keeping Notes at 64 bits was a condition of the NSA deal. I'm not normally a conspiracy theorist, but considering that Ray was clearly aware that the 64-bitness was going to raise eyebrows and still somehow didn't get around to simply strengthening it... well, it makes you wonder.
And in a few years, 40-bit RC4 will be even more ludicrously weak.
The Lotus position is untenable.
Hear hear... but unfortunately industry doesn't seem to "hear hear" well enough yet, though they've been learning lately. Instead of hammering Markoff for his NYT articles, we should be thanking him that at least he's helping to raise public awareness -- even if he does tend to overplay things. Herb ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Herb Sutter (herbs@connobj.com) Connected Object Solutions 2228 Urwin - Suite 102 voice 416-618-0184 http://www.connobj.com/ Oakville ON Canada L6L 2T2 fax 905-847-6019