Thoughts on 15 day CJ crypto

Eric Hughes eric at remailer.net
Sat Dec 17 14:42:55 PST 1994


   From: Hal <hfinney at shell.portal.com>

   Maybe it would be wise when using limited-length
   session keys to use larger encryption exponents just to confound an
   exhaustive search of the session key space.  

It would, but remember that you're generally going to be generating
those keys with the application that will be using them eventually.
One could write a spoofer, perhaps, to generate you're own keys, but
most people won't be using it.

   I think it is surprising
   if there is no limitation on encryption exponent size for these
   exportable key systems, assuming that is the strategy the government is
   using.

Consider the position from the viewpoint of the NSA.  Suppose that the
hypothesis is correct, and session keys encrypted with short exponents
are used to verify candidates.  You haven't told anybody this is the
reason for the particulars of the restrictions.

So, do you, the NSA, write the restriction into the regulation?  Or do
you rely on the fact that the developer will optimize public keys for
speed?

The first strategy reveals tactics.  The second carries some risk.

Eric






More information about the cypherpunks-legacy mailing list