
Re: The War is Underway (fwd)



On Tue, 13 May 1997, Adam Shostack wrote:

> Black Unicorn wrote:
> 
> | > Systems that use randomly generated keys are
> | > limited only by the amount of available entropy, but then the passphrase
> | > security to encrypt the secret key or physical security become important.
> | > Using excessively long keys does not do much for security, as there are
> | > always going to be weaker links that an attacker can take advantage of.
> | > It doesn't hurt to use a 256-bit key, or larger, but it doesn't do much
> | > good, either.
> | 
> | Again, you have taken an important concept, total security, and reversed
> | it.  Instead of aiming to make each link as strong as possible, you have
> | aimed to design around the weakest link.
> | 
> | This is a serious mistake in my view.
> 
> 	I disagree with your approach.  In the real world, budgets are
> limited, time is limited, the pool of really decent people on any
> given project is small.  Fixing or strengthening the weakest link is
> my usual approach to these things.  Not as nice as having a
> bulletproof design from the start, but there aren't enough smart
> cypherpunks out there consulting.  (More on that in another post.)

I concede this general point, but in context it does not stand up.
Specifically we were referring to the trade off between cipher keylength
and password size.

It was proposed that because people were unlikely to deal with passwords
large enough to fill the key with e.g., 128 bits of entropy, that it was
worthless to bother with 128 bit symmetric ciphers.  I find this a hard
position to support.

> 
> | It costs little today to develop a cipher with larger keyspace.  (DES with
> | independent subkeys already exists and has a basic keyspace of 768 bits.
> | A meet in the middle attack reduces keyspace to 2^384.  Schneier discusses
> | the cipher briefly).  If users are willing to deal with large keys (I
> | certainly am) then software designers are restraining a more secure
> | implementation.
> 
> 	It takes an academic cryptographer about 6 months to develop a
> cipher.  Most academics don't see a point to moving beyond the 448
> bits available in Blowfish.

Ok, where are the 256+ bit Blowfish implementations?

> Adam
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

--
Forward complaints to : European Association of Envelope Manufactures
Finger for Public Key   Gutenbergstrasse 21;Postfach;CH-3001;Bern
Vote Monarchist         Switzerland
Rebel Directive #7:Avoid soccer games when a government assault threatens.