CDR: Re: why should it be trusted?

petro petro at bounty.org
Tue Oct 17 03:29:52 PDT 2000


>One of the points I believe is sorely missing in these discussions is how
>important "improvements in algorithms" can be.  In the narrowest sense, I
>agree with your statements - but I have also seen what elegant alternative
>approaches can do to systems that were presumed to be vulnerable only to
>brute force, and I've also seen how nicely they may be placed into custom
>hardware.

	When you are talking "heat death of the universe" time lengths,
improvements in algorithms don't really add up to all that much time.

	In the real world (outside of Academentia) we have different 
threat models that we need Crypto for. To keep a credit card safe, we 
need only to make sure that a given undesired decrypt be more 
expensive than it's worth--and the encrypted credit card string has 
to last what? Three years? before it's worthless anyway. I'll take 
the risk that someone will improve factoring by what? 6 or 7 orders 
of magnitude? (that makes 1,000,000,000 years into 1000 years. I 
think my card will be expired by then).

	Other sorts of banking operations have an even shorter 
life--from minutes to months. They could take almost 9 orders of 
magnitude (unless I don't understand this order of magnitude 
thing)--does it really matter if a banking transaction falls to a 
break in 10 years? One would think that a bank would be wise enough 
to expire its keys more regularly than that.

	Or military secrets--because of the nature of the military, 
keys can be expired even more rapidly; 3 to 5 years ought to be plenty.

	And hey, if we do get a breakthrough in factoring speed, it 
seems cheap enough to double our key size.

	Quantum computers are a different story--and may (may) make a 
shambles of our current crypto schemes--but as near as we can tell no 
one is close to a working system.

>Call it threat analysis - I think it is reasonable to assume they know a
>few tricks that aren't public yet.  And any trick related to factoring or
>Feistel networks is sufficient to obsolete those "age of universe"
>extrapolations.

	There is a wide difference between "age of universe" and "age 
of man". The point of the whole "heat death of the universe" thing is 
that even if a given brute force decrypt can be made 1000 times 
faster, it's still going to take a *LONG* time.
-- 
A quote from Petro's Archives:   **********************************************
Sometimes it is said that man can not be trusted with the government 
of himself. Can he, then, be trusted with the government of others? 
Or have we found angels in the forms of kings to govern him? Let 
history answer this question. -- Thomas Jefferson, 1st Inaugural
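The lifetime-versus-speedup arithmetic argued in the message above, worked out as an added example (not part of the original post): how many orders of magnitude of attacker speedup a key can absorb before brute force fits inside the data's useful life, and roughly how much work "doubling the key size" buys against factoring. The attacker rate, the 3-year card lifetime and the use of the plain GNFS L-notation formula with its o(1) term dropped are assumptions for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def years_after_speedup(years, orders_of_magnitude):
    """The post's arithmetic: a 10^k faster attack divides break time by 10^k."""
    return years / 10.0 ** orders_of_magnitude


def brute_force_years(key_bits, trials_per_second, speedup=1.0):
    """Years to try every key of a symmetric cipher at the given trial rate.
    Assumption: full keyspace search, no shortcut in the cipher itself."""
    trials = 2.0 ** key_bits
    return trials / (trials_per_second * speedup) / SECONDS_PER_YEAR


def speedup_headroom_orders(key_bits, trials_per_second, lifetime_years):
    """Orders of magnitude of speedup an attacker needs before exhaustive
    search completes within the data's required lifetime. Negative means the
    key is already too short for that lifetime at that rate."""
    return math.log10(brute_force_years(key_bits, trials_per_second) / lifetime_years)


def gnfs_work_bits(modulus_bits):
    """Heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] as log2(operations).
    Assumption: asymptotic formula only, o(1) term dropped, so this is a
    relative measure for comparing moduli, not a calibrated attack cost."""
    ln_n = modulus_bits * math.log(2)
    c = (64.0 / 9.0) ** (1.0 / 3.0)
    work = c * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return work / math.log(2)


def factoring_gain_orders(from_bits, to_bits):
    """Orders of magnitude of extra factoring work from growing the modulus,
    i.e. how many orders of algorithmic improvement the size bump absorbs."""
    return (gnfs_work_bits(to_bits) - gnfs_work_bits(from_bits)) * math.log10(2)


if __name__ == "__main__":
    # Constructed scenario: card data must stay secret 3 years; attacker
    # tries 10^12 symmetric keys per second before any speedup.
    print("1e9 years, 6 orders faster ->", years_after_speedup(1e9, 6), "years")
    print("128-bit key headroom (orders):",
          round(speedup_headroom_orders(128, 1e12, 3), 1))
    print("RSA 1024 -> 2048 buys (orders):", round(factoring_gain_orders(1024, 2048), 1))
```

The headroom function makes the post's "6 or 7 orders of magnitude" risk concrete: a key with 18 orders of headroom survives that improvement with room to spare, while a 56-bit key at the same rate has none.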