[Cryptography] RSA equivalent key length/strength
Phillip Hallam-Baker
hallam at gmail.com
Thu Sep 19 09:54:27 EDT 2013
On Wed, Sep 18, 2013 at 5:23 PM, Lucky Green <shamrock at cypherpunks.to>wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 2013-09-14 08:53, Peter Fairbrother wrote:
>
> > I get that 1024 bits is about on the edge, about equivalent to 80
> > bits or a little less, and may be crackable either now or sometime
> > soon.
>
> Moti Young and others wrote a book back in the 90's (or perhaps) 80's,
> that detailed the strength of various RSA key lengths over time. I am
> too lazy to look up the reference or locate the book on my bookshelf.
> Moti: help me out here? :-)
>
> According to published reports that I saw, NSA/DoD pays $250M (per
> year?) to backdoor cryptographic implementations. I have knowledge of
> only one such effort. That effort involved DoD/NSA paying $10M to a
> leading cryptographic library provider to both implement and set as
> the default the obviously backdoored Dual_EC_DRBG as the default RNG.
>
> This was $10M wasted. While this vendor may have had a dominating
> position in the market place before certain patents expired, by the
> time DoD/NSA paid the $10M, few customers used that vendor's
> cryptographic libraries.
>
> There is no reason to believe that the $250M per year that I have seen
> quoted as used to backdoor commercial cryptographic software is spent
> to any meaningful effect.
>
The most corrosive thing about the whole affair is the distrust it has sewn.
I know a lot of ex-NSA folk and none of them has ever once asked me to drop
a backdoor. And I have worked very closely with a lot of government
agencies.
Your model is probably wrong. Rather than going out to a certain crypto
vendor and asking them to drop a backdoor, I think they choose the vendor
on the basis that they have a disposition to a certain approach and then
they point out that given that they have a whole crypto suite based on EC
wouldn't it be cool to have an EC based random number generator.
I think that the same happens in IETF. I don't think it very likely Randy
Bush was bought off by the NSA when he blocked deployment of DNSSEC for ten
years by killing OPT-IN. But I suspect that a bunch of folk were whispering
in his ear that he needed to be strong and resist what was obviously a
blatant attempt at commercial sabotage etc. etc.
I certainly think that the NSA is behind the attempt to keep the Internet
under US control via ICANN which is to all intents a quango controlled by
the US government. For example, ensuring that the US has the ability to
impose a digital blockade by dropping a country code TLD out of the root.
Right now that is a feeble threat because ICANN would be over in a minute
if they tried. But deployment of DNSSEC will give them the power to do that
and make it stick (and no, the key share holders cannot override the veto,
the shares don't work without the key hardware).
A while back I proposed a scheme based on a quorum signing proposal that
would give countries like China and Brazil the ability to assure themselves
that they were not subjected to the threat of future US capture. I have
also proposed that countries have a block of IPv6 and BGP-AS space assigned
as a 'Sovereign Reserve'. Each country would get a /32 which is more than
enough to allow them to ensure that an artificial shortage of IPv6
addresses can't be used as a blockade. If there are government folk reading
this list who are interested I can show them how to do it without waiting
on permission from anyone.
--
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130919/ccaab9ed/attachment.html>
More information about the cryptography
mailing list