[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2047 bit keys in PGP



At 10:02 AM 1/4/96 -0800, you wrote:

>All that being said, I believe that 128 bits is sufficient for a
>symmetric key and 2048 for a public key.  Our paranoia would be far
>better directed at as yet unknown attacks on the algoritms involved
>or the specific implementations of cryptographic systems.  Paul Kocher's
>recent timing attack is a perfect example of what we should be afraid
>of.

Exactly!   I agree.  There is plenty of work that can be directed towards
the hardware arena, for example.  Better filters (AC, telephone, keyboard
cable), untamperable hardware (keyboards come to mind, for instance:  Design
one whose RF "signature" can't be read remotely), a push towards the use of
thin-film-type displays that don't radiate (much) in the RF spectrum,
automatic over-write of unused data areas in hard/floppy disks (including
the (unallocated) space at the ends of files), etc.