[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key length security (calculations!)

To: [email protected] (Timothy C. May)
Subject: Re: Key length security (calculations!)
From: [email protected]
Date: Fri, 15 Jul 94 03:28:48 EDT
Cc: [email protected] (Doug Cutrell), [email protected]
In-Reply-To: Your message of Thu, 14 Jul 94 12:09:27 -0700. <[email protected]>
Sender: [email protected]

> > Still sounds pretty safe so far... if it really takes at least 20,000 times
> > as long to crack a 1024 bit modulus, then it would still take the 7400 C.E.
> > (Cray Equivalent) computer 24 years to crack a 1024 bit number.  BUT, the
> > biggest worry is that no one knows how good the NSA's factoring algorithms
> > are.  I read recently that the NSA is the world's largest employer of
> > mathematicians.  The relative improvement in factoring algorithms since the
> 
> Not to attack Doug's point, which has validity here (that we don't
> know what factoring advances NSA may have made), but I personally
> think the combined capabilities of "public domain mathematicians" are
> now far greater than what NSA has. Shamir, Odzylko, Blum, Micali,
> Rackoff, Goldwasser, Solovay, Berlenkamp, etc., are top-flight
> researchers, publishing many papers a year on these topics. It is
> unlikely that some GS-14 mathematicians at the Fort, not able to
> publish openly, have made much more progress. I think the resurgence
> of crypto in the 70s, triggered by public key methods and fueled by
> complexity theory breakthrough, caused a "sea change" in inside
> NSA-outside NSA algorithm expertise.

I disagree with this, and I would site as a case and point the fact
that differential cryptanalytic attacks were not "discovered" until
1990 while a relatively small team of IBM cryptologists had it back
in 1974 when they made DES. NSA apparently had it before then.
This is why I would rather find a fast secure mulitple DES method
based on spliting and not have to use IDEA which us so new. Before I
was born, NSA knew all of these things which were not figured out
by the academic community until this decade. (of course they could
also know of some sort of back door, but I think that the fact that
NSA knew of differential cryptography and let an algorithm immune to
it pass while they lowered the key size says something about DES's
security against attacks the academic community hasn't figured out yet.

The bottom line is that NSA has demonstrated that they can outperform
academia without public reviews of their method (LEAFs aside for the
moment [government agencies are after all required to do several stupid
things each year])

Cheers,

JWS

References:
- Re: Key length security (calculations!)
  - From: [email protected] (Timothy C. May)

Prev by Date: Re: Why triple encryption instead of split+encrypt?
Next by Date: Re: Probabilistic Encryption
Prev by thread: Key length security (calculations!)
Next by thread: Re: Key length security (calculations!)
Index(es):
- Date
- Thread