[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Apple, privacy, and AOCE



  >I found the idea that RSADSI will be generating folks' key pairs
  >particularly chilling.

What I gathered from actually using this software is that you personally
generate a key pair, on your own machine, and then transparently send your
public key to RSADSI.  Some time later, you receive a certificate (with an
expiration date) that allows your 'signer' to function.  RSADSI does not
make, or even see, your private key.


  >The article accompanying these sidebars suggests that folks' private keys
  >will be stored on the server;

My understanding is that address books on the [optional] servers may have
copies of certificates, for people who have certificates and want them
published.


  >the article [...] must be the result of miscommunication

yes


  >The NSA recently signed an agreement with the Software Publishers
  >Association that will provide expedited approval of RC-4 encryption based
  >on 40-bit keys.

Not surprising, since a pre-computation attack allowing a direct key lookup
against RC-4 with 40 bit keys is economically feasible for anyone who can
afford a CD-ROM jukebox (128 mips-years of computation + 8 terabytes of
storage).


  >NSA [...] will allow slightly more-powerful scrambling capabilities
  >[in AOCE] AOCE uses 64-bit keys, and larger keys mean better security.

This could mean anything.  They might actually be using 64 bit keys (which
would be good, although 80 bits is recommended), or they might be using 40
bit keys with 24 bits of salt (or worse: 32 and 32).  Salted keys (key+salt
of sufficient size), stop the precomputed attack, but if the actual key
size, without salt, is still only 40 bits, then exhaustive search of the
keyspace, after the salt has been seen, will only take 64 mips-years.


Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things."     -- Willy Wonka
......................|................................................
BUSINESS.   voice:408.862.0540  fax:974.6094   [email protected]
Apple Computer, Inc.   1 Infinite Loop, MS 301-2C   Cupertino, CA 95014
.......................................................................
PERSONAL.   voice/fax:408.257.1746    1024:669687   [email protected]