Re: Apple, privacy, and AOCE
> I found the idea that RSADSI will be generating folks' key pairs particularly chilling.
What I gathered from actually using this software is that you personally generate a key pair, on your own machine, and then transparently send your public key to RSADSI. Some time later, you receive a certificate (with an expiration date) that allows your 'signer' to function. RSADSI does not make, or even see, your private key.
> The article accompanying these sidebars suggests that folks' private keys will be stored on the server;
My understanding is that address books on the [optional] servers may have copies of certificates, for people who have certificates and want them published.
> the article [...] must be the result of miscommunication
yes
> The NSA recently signed an agreement with the Software Publishers Association that will provide expedited approval of RC-4 encryption based on 40-bit keys.
Not surprising, since a pre-computation attack allowing a direct key lookup against RC-4 with 40 bit keys is economically feasible for anyone who can afford a CD-ROM jukebox (128 mips-years of computation + 8 terabytes of storage).
> NSA [...] will allow slightly more-powerful scrambling capabilities [in AOCE]
> AOCE uses 64-bit keys, and larger keys mean better security.
This could mean anything. They might actually be using 64 bit keys (which would be good, although 80 bits is recommended), or they might be using 40 bit keys with 24 bits of salt (or worse: 32 and 32). Salted keys (key+salt of sufficient size) stop the precomputed attack, but if the actual key size, without salt, is still only 40 bits, then exhaustive search of the keyspace, after the salt has been seen, will only take 64 mips-years.

Scott Collins
"Few people realize what tremendous power there is in one of these things." -- Willy Wonka

BUSINESS. voice:408.862.0540 fax:974.6094 collins@newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst@netcom.com
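Added example (not part of Scott Collins's message): the precomputation-versus-salt argument above, worked in Python with a toy 12-bit keyspace standing in for 40 bits. The key||salt concatenation, the 24-bit salt value, the sample key and the 8-byte known keystream prefix are assumptions made for the illustration, not AOCE's actual design.

```python
# Added illustration; toy sizes and the key||salt layout are assumptions.
KEY_BITS = 12                    # constructed stand-in for the 40-bit keyspace
SALT = bytes.fromhex("a1b2c3")   # constructed 24-bit salt, visible on the wire

def rc4_prefix(key: bytes, n: int = 8) -> bytes:
    """Return the first n bytes of RC4 keystream for key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def key_bytes(k: int) -> bytes:
    return k.to_bytes(2, "big")

def build_table() -> dict:
    """One-time precomputation over every unsalted key: prefix -> key."""
    return {rc4_prefix(key_bytes(k)): k for k in range(1 << KEY_BITS)}

def search_salted(prefix: bytes, salt: bytes):
    """Exhaustive search after the salt is seen; returns (key, trials)."""
    for k in range(1 << KEY_BITS):
        if rc4_prefix(key_bytes(k) + salt) == prefix:
            return k, k + 1
    return None, 1 << KEY_BITS

if __name__ == "__main__":
    secret = 0x5A7                            # constructed sample key
    table = build_table()
    plain = rc4_prefix(key_bytes(secret))
    salted = rc4_prefix(key_bytes(secret) + SALT)
    print("unsalted, table lookup:", table.get(plain))
    print("salted, table lookup:  ", table.get(salted))
    print("salted, search:        ", search_salted(salted, SALT))
```

The table is built once and then answers any unsalted key by lookup; the salt makes the table useless, but the per-message search is still bounded by 2^KEY_BITS trials, which is why the effective strength is the key size without the salt.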