Re: Unofficial Release
Perry@imsi.com says:
Tom Rollins says:
Ahhhh, It is nice to know that people won't even TRY to crack big keys. Cracking, you know, is a lot like the lotto. You MIGHT guess the correct key on the first TRY. But, if you don't TRY, then you won't crack the key.
"Gotta play to win"
It is all a question of economics. Its one thing if your idle try has one in 10^6 chance of working, but if its one in 10^70 or something like that the attempt is pretty much pointless -- you are more likely to have a giant sack of gold hit you on the head. Even spending a penny on cracking something that way is uneconomical.
Our govenment has NEVER been very economical!
They could spend a lot less effort simply getting your key via "practical cryptanalysis".
True, a good hose or pretty woman in the sack would loosen me up. Except for my old key that hangs out on the pgp-key-servers. Too bad, Lost that secret key...
There is therefore no point in using a cryptosystem which would cost the enemy hundreds of billions of dollars to try to attack and then type in your key on a machine who's keystrokes can be monitored using $3000 in equipment. Which way would YOU try to get the keys, eh?
Say, that sounds like a good deal ! Where could I buy that. Wow, hang out at Charles Schwab, or Meryll Lynch and get account info...
Unless you are already doing all your encryption in a Faraday cage, I'd say that there is no conceivable point in using anything over a 2000 bit key -- indeed, there is probably no point in using such a key even if you are doing all your encryption in a Faraday cage.
Well, I work for C3-Telos and we make several lines of ruggedized portable tempest capable equipment (like the one I am typing on).
The benefit is minimal, and the cost, in terms of dramatically slowed performance, is very high. Using an 8000 bit key is like claiming you are stronger than the enemy because whereas he only has enough nuclear weapons to vaporize your city 15 times over you have enough to vaporize his 90 times over.
I don't need an 8000 bit key, but, I don't want the pgp-key-server barfing on a 4096 bit key that I feel I need. How can you put a price on someones life. You don't know there situation. (think about OJ and fooling around with his wife) Tim May says:
If this was tongue in cheek, I missed it. Nobody in their right mind will try a brute force attack on a 1024-bit key, let alone a 1200- or 2000-bit key. Unless there are flaws in PGP and/or RSA we haven't heard about.
So you or I won't try the crack. But then there are all those people who are being paid from tax dollars to do nothing else but crack. And all those high priced computers paid for with tax dollars to do the cracking with. Do you think they will just close up shop and sell off the equipment? Yes, there are flaws. (some call them design compromises) Why known text in the Idea data area? Why CFB mode vs CBC mode? Peter Gutman's SFS documentation makes reference to a class of weak IDEA keys. What are they? And what do they do?
As for lotto, simple calculations tell anyone that the best way to win is not to play. The return _at best_ is 30 or 40 cents on the dollar, with the rest going to all the various programs the lotto is supposed to support. The more you play, the more you lose.
I don't advocate that you play the lotto. I am pointing out a fact that the lotto people use/say/claim to get people to play their game and thus give them money.
(I think gambling is a perfectly fine "tax on stupidity," collecting money from the gullible. However, banning gambling by private citizens while having the government run their own casinos and lotteries is crummy. It's government at its worst.)
I agree almost 100%
Tom Rollins says:
I don't need an 8000 bit key, but, I don't want the pgp-key-server barfing on a 4096 bit key that I feel I need. How can you put a price on someones life. You don't know there situation. (think about OJ and fooling around with his wife)
Yup, you have it on me. I guess it is important to lower the possibility of someone cracking your key by brute force from lower than the odds that all the oxygen atoms in the room you are in will spontaneously end up on the wrong side of the room to lower than the odds that all the oxygen atoms in the world will end up on the wrong side of the planet. After all, we are fooling with lives. Yup. That infinitessimal safety margin is important. After all, someone who's got billions of dollars to spend is very likely to waste it on doing nothing but cracking your key -- listening in on your computer's electromagnetic emissions, tapping your keyboard, or beating you up would all be too complicated when there is an infinitesimal chance that billions of dollars could crack your key directly.
Tim May says:
If this was tongue in cheek, I missed it. Nobody in their right mind will try a brute force attack on a 1024-bit key, let alone a 1200- or 2000-bit key. Unless there are flaws in PGP and/or RSA we haven't heard about.
So you or I won't try the crack. But then there are all those people who are being paid from tax dollars to do nothing else but crack.
And you know, who knows? Maybe they are in fact concealing more computers than you could build with all the silicon in the solar system in Fort Meade. Those feds, they are superhuman, you know? Jeesh. Perry
On Wed, 22 Jun 1994, Perry E. Metzger wrote:
And you know, who knows? Maybe they are in fact concealing more computers than you could build with all the silicon in the solar system in Fort Meade. Those feds, they are superhuman, you know? There are two curves you have to worry about, one is computation, the other is advances in mathmatics. Even if some great advance was made in factoring, a larger key *might* remain safe. This is the reason, not increased computational power. That is, unless you have proven some verry interesting things about factoring numbers and algorithmic complexity.
Roger, Mad Dog, Bryner.
Roger Bryner says:
On Wed, 22 Jun 1994, Perry E. Metzger wrote:
And you know, who knows? Maybe they are in fact concealing more computers than you could build with all the silicon in the solar system in Fort Meade. Those feds, they are superhuman, you know? There are two curves you have to worry about, one is computation, the other is advances in mathmatics.
The conversation was predicated on the notion that no major breakthrough in factoring has occured, as I explicitly said. A minor breakthrough, like an improvement of a constant factor of a million or so, isn't going to let people break 2000 bit keys. Perry
On Wed, 22 Jun 1994, Perry E. Metzger wrote:
The conversation was predicated on the notion that no major breakthrough in factoring has occured, as I explicitly said. A minor What reason do you have to believe that this will be the case? Why is it foolish to use available and cheap computer power to hedge your bets?
Roger.
Roger Bryner says:
On Wed, 22 Jun 1994, Perry E. Metzger wrote:
The conversation was predicated on the notion that no major breakthrough in factoring has occured, as I explicitly said. A minor What reason do you have to believe that this will be the case? Why is it foolish to use available and cheap computer power to hedge your bets?
Because it isn't cheap, first of all. If you wanted to run a completely secure internet, for example (a problem I am currently working on) the cost of all those RSAs really DOES show up, and fast. Because using a 2000 bit key already is a sign of madness -- an 8000 bit one is beyond the pale (doesn't anyone understand exponential blowup here?) Because if you have a polynomial factoring algorithm doubling the key size will no longer provide any real protection for very valuable data. Because once your RSA key is big enough the conventional key you use becomes the weak link and any increase in the size ends up being rubble bouncing. Perry
Date: Wed, 22 Jun 1994 13:18:51 -0600 (MDT) From: Roger Bryner <bryner@atlas.chem.utah.edu> Cc: cypherpunks@toad.com On Wed, 22 Jun 1994, Perry E. Metzger wrote:
The conversation was predicated on the notion that no major breakthrough in factoring has occured, as I explicitly said. A minor What reason do you have to believe that this will be the case? Why is it foolish to use available and cheap computer power to hedge your bets?
Because you might be reading your mail on an HP-100LX with a silly-pissant 8088. Cheap and availabile? Only if you're willing to carry a heavy computer around with you. -russ <nelson@crynwr.com> Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do.
participants (4)
-
nelson@crynwr.com -
Perry E. Metzger -
Roger Bryner -
trollins@debbie.telos.com