Bad CypherPunk! No privacy! / Re: PGP5i supports RSA keys?
Bill Stewart wrote:
but there's also really no need for keys longer than 2048 bits unless some radical algorithmic breakthrough 1024 bits is probably enough
Other than the above, a very informative post. Perhaps all encryption programs ought to be named Enigma-1, Enigma-2, etc. When the Allies gained the capability to break the Enigma code, there was no front-page announcement. I checked the news headlines today, and there was no front-page announcement of a "radical algorithmic breakthrough." I take this to be proof positive that the ever-present "they" have indeed made a breakthrough, and that I need to use the strongest tools currently available for secure communications.

Like the ZipLock ads where they put the angry bees in the ZipLock and in the Generic Brand plastic bags, I am always tempted by the statement that "512/1024/etc." is "good enough," to ask the person making the statement to write a letter threatening the life of "You Know Who," encrypt it and send it to me for forwarding to the Whitewaterhouse. ("And don't forget to use the '-c' option.") Would you rather have the angry F-Bee-I agents in the 4096 bit encrypted CryptLock bag or the 1024 bit GenericLock bag?

:: B o o t s
At 1:24 AM -0700 8/22/97, Anonymous wrote:
Bill Stewart wrote:
but there's also really no need for keys longer than 2048 bits unless some radical algorithmic breakthrough 1024 bits is probably enough
Other than the above, a very informative post.
Perhaps all encryption programs ought to be named Enigma-1, Enigma-2, etc. When the Allies gained the capability to break the Enigma code, there was no front-page announcement. I checked the news headlines today, and there was no front-page announcement of a "radical algorithmic breakthrough." I take this to be proof positive that the ever-present "they" have indeed made a breakthrough, and that I need to use the strongest tools currently available for secure communications.
We haven't discussed this point in a while, but the belief most cryptologists have is roughly this: The world-wide community of mathematics and cryptology researchers, linked through open publication of new research results, is GREATER than the cloistered NSA and GCHQ communities of researchers. Thus, as bright as Brian Snow or Don Coppersmith or John Conway may be, the "edge" the NSA may have once had is largely gone. Which is not to say that they are not still a formidable technical organization, with substantial computer resources. But modern crypto systems are, as we all know, based on fundamental mathematical results, e.g., the difficulty in finding the factors of a large number, the difficulty in extracting logarithms, etc. And while advances in factoring have occurred, often at government labs (think of Sandia), the fast factoring of a 1000-decimal-digit number appears unachievable. (Leading to our conclusion that anyone who _knows_ the prime factors of a very large number must have been the one who generated the composite product, in a kind of zero knowledge proof sort of way. Or someone who intercepted the numbers, the private key, or who gained access through the National Key Recovery Suppository.)
Like the ZipLock ads where they put the angry bees in the ZipLock and in the Generic Brand plastic bags, I am always tempted by the statement that "512/1024/etc." is "good enough," to ask the person making the statement to write a letter threatening the life of "You Know Who," encrypt it and send it to me for forwarding to the Whitewaterhouse. ("And don't forget to use the '-c' option.")
Yes, this sort of thing has been proposed many times. Some of us have done it, back in our earlier and more radical days. (I don't claim credit for the RSA challenge, in its recent and current form, but several years ago I suggested at the first RSA Conference that a prize be encapsulated in a message encrypted with an RSA key, and that so long as the prize went unclaimed this would be a measure of security. Bidzos said he'd pass on the suggestion. Prizes are a common way to ensure or encourage results, so doubtless others suggested similar things.)

--Tim May

There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
We haven't discussed this point in a while, but the belief most cryptologists have is roughly this:
The world-wide community of mathematics and cryptology researchers, linked through open publication of new research results, is GREATER than the cloistered NSA and GCHQ communities of researchers.
Thus, as bright as Brian Snow or Don Coppersmith or John Conway may be, the "edge" the NSA may have once had is largely gone. Which is not to say that they are not still a formidable technical organization, with substantial computer resources.
I've thought about this, and still wonder if the NSA may have an edge. imagine having huge, unlimited resources to spend on whatever you want. all other mathematicians/researchers in the world are subject to having to scrape fund money together via grants. guess who grants the grants? government. and in some cases, I think that it is possible the grant process is subject to manipulation by government agencies. the really hot stuff may not be getting funded, because the NSA secretly pulls the plug and the researcher just thinks, "gosh darn it, didn't get the grant". a great conspiracy theory, eh? as for commercial R&D, it is always ultimately directed toward making money. this limits the freedom of the researcher as well.

now consider that the NSA is the world's single largest employer of mathematicians. I believe I have seen this claim in some articles on them. now realize that none of their research is allowed to be publicized. that is, they can read the open literature, and they also have their own resources to go past it. individual researchers outside of the NSA do not have the advantage of seeing what the NSA is doing. hence a bit one-sided here as well.

consider now that the NSA is not just the largest mathematical employer, but that they aggressively go after the *best* without anyone realizing it. consider the spiel: "do a patriotic service for your country. be among the few, the proud, the spooks". this they give to the greatest mathematicians you can imagine. it's not too unlikely. I suspect there are a lot of researchers working for the NSA with academic "cover stories". hence people you think are extremely talented and are not working in it are actually working for it. some theories, nothing more.

on the other hand, many people have spoken of the compartmentalization of the government, esp. the NSA, and how this makes it myopic and ineffectual. I'm not so sure about this. the atomic bomb creation was pretty compartmentalized at first, yet it was very effective.
But modern crypto systems are, as we all know, based on fundamental mathematical results, e.g., the difficulty in finding the factors of a large number, the difficulty in extracting logarithms, etc. And while advances in factoring have occurred, often at government labs (think of Sandia), the fast factoring of a 1000-decimal-digit number appears unachievable.
something to consider is that there has been no major incentive for anyone to really find such an algorithm until recently, say within the last 10 years or so. I believe it is mistaken to pretend that mathematicians have been trying to find an efficient factoring algorithm since the dawn of math. perhaps out of amusement, but not seriousness. there is no practical reason why large numbers needed to be factored in math other than curiosity, until recently. what I am saying is that I doubt the world's greatest mathematicians of the past spent much time trying to find a fast factoring algorithm.
On Fri, 22 Aug 1997, Tim May wrote:
We haven't discussed this point in a while, but the belief most cryptologists have is roughly this:
The world-wide community of mathematics and cryptology researchers, linked through open publication of new research results, is GREATER than the cloistered NSA and GCHQ communities of researchers.
Thus, as bright as Brian Snow or Don Coppersmith or John Conway may be, the "edge" the NSA may have once had is largely gone. Which is not to say that they are not still a formidable technical organization, with substantial computer resources.
This also applies to the substantial computer resources and technology as well. Something on TLC got me thinking about this even before I read this message. The NSA has a problem in that, except maybe for quantum cryptography, they no longer have an advantage of kind, merely of degree, and the market is narrowing that gap daily. Before, only they had the resources to do something like the machine NCR built to crack Enigma messages, and could build many one-of-a-kind machines to do individual cracking. They still can, but it isn't efficient to do so today. They can build 1000 custom ASICs, but they will be more expensive than 10,000 off-the-shelf CPU chips - they can't do engineering any better or cheaper than Intel or DEC, and they don't have millions of customers to spread the fixed costs over.

When a camcorder is more complex than most weapons systems, but is available at the local mall, and when I can buy SMP servers from an 800 number, I have the same thing the NSA has, only smaller. But the NSA is still a finite size (given the earlier posts about terawatts), and I can link my computer with thousands or millions of others. DEScrack was only done on a relatively few computers. If a really big prize was offered (in this lotto, you just run this screen saver which uses less bandwidth than PointCast... the Chinese radio lottery via the internet), you could get almost every computer into the act.

As technology goes forward, any advantage of largess will be overcome by greater numbers of small systems - at some point the large college campuses will have more CPU cycles than the NSA because students bring the latest technology with them. Unless the NSA is radically different, the concept of putting an SMP system on everyone's desk (upgrading it every few years) and linking them isn't going to go over as well as getting 100 new Cray supercomputers.

--- reply to tzeruch - at - ceddec - dot - com ---
At 10:07 AM 8/23/97 -0700, Lucky Green wrote:
Now imagine if the prize was $1,000,000 or $10M. That's real money to just about every student out there. Every box at every university would be working on it. Employees would install the cracker first and ask their sysadmin later. If at all.
Heh. Every box would be running more than one copy, unless you hacked the code to have some sort of lockfile that would let it take turns occasionally. (If you just lock the user out, they'll take the trouble to go "fix" the code....) Fortunately, crunchons are getting pretty cheap these days, though the challenge would still lead to government people saying "See, it took a million dollars and every university computer in the country and they still haven't cracked Skipjack" or whatever the target is, just as they've kept the "$10,000 and a supercomputer" figure for RC4/40 going around.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)
At 12:12 PM 8/23/97 -0400, nospam-seesignature@ceddec.com wrote:
DEScrack was only done on a relatively few computers. If a really big prize was offered (In this lotto, you just run this screen saver which uses less bandwidth than pointcast... The chinese radio lottery via the internet), you could get almost every computer into the act.
This is a good point. It took $10,000 (plus some hope for fame) to motivate thousands of computer users to participate in DESCHALL. But $10k is not all that much money. Few people will go to extraordinary measures to get a long shot chance at winning this relatively small sum. Note that there were few DESCHALL participants from China, India, and other countries where there is a substantial number of computers.

Now imagine if the prize was $1,000,000 or $10M. That's real money to just about every student out there. Every box at every university would be working on it. Employees would install the cracker first and ask their sysadmin later. If at all. If you offer such sums, people would find cycles you didn't even know existed.

BTW, I am thinking about organizing corporate sponsorships to beef up the reward for the RC5-64 crack. I am quite certain that at a $1M prize offering, it would be cracked faster than DES.

--Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred.
DES is dead! Please join in breaking RC5-56. http://rc5.distributed.net/
* Lucky Green wrote:
Now imagine if the prize was $1,000,000 or $10M. That's real money to just about every student out there. Every box at every university would be
Or remember the CCC project: they collected US$ 400,000 to build their own public Wiener machine to break DES regularly...
participants (7)
- Bill Stewart
- Lucky Green
- lutz@iks-jena.de
- nobody@REPLAY.COM
- nospam-seesignature@ceddec.com
- Tim May
- Vladimir Z. Nuri