The War is Underway (fwd)

Adam Shostack adam at homeport.org
Tue May 13 05:23:35 PDT 1997


Black Unicorn wrote:

| > Systems that use randomly generated keys are
| > limited only by the amount of available entropy, but then the passphrase
| > security to encrypt the secret key or physical security become important.
| > Using excessively long keys does not do much for security, as there are
| > always going to be weaker links that an attacker can take advantage of.
| > It doesn't hurt to use a 256-bit key, or larger, but it doesn't do much
| > good, either.
| 
| Again, you have taken an important concept, total security, and reversed
| it.  Instead of aiming to make each link as strong as possible, you have
| aimed to design around the weakest link.
| 
| This is a serious mistake in my view.

	I disagree with your approach.  In the real world, budgets are
limited, time is limited, the pool of really decent people on any
given project is small.  Fixing or strengthening the weakest link is
my usual approach to these things.  Not as nice as having a
bulletproof design from the start, but there aren't enough smart
cypherpunks out there consulting.  (More on that in another post.)

| It costs little today to develop a cipher with larger keyspace.  (DES with
| independent subkeys already exists and has a basic keyspace of 768 bits.
| A meet in the middle attack reduces keyspace to 2^384.  Schneier discusses
| the cipher briefly).  If users are willing to deal with large keys (I
| certainly am) then software designers are restraining a more secure
| implementation.

	It takes an academic cryptographer about 6 months to develop a
cipher.  Most academics don't see a point to moving beyond the 448
bits available in Blowfish.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







