Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
Bram Cohen
bram at gawth.com
Tue Feb 26 19:49:30 EST 2002
Arnold G. Reinhold wrote:
> At 11:49 AM -0800 2/25/02, bear wrote:
> >...
> >The "secure forever" level of difficulty that we used to believe
> >we got from 2kbit keys in RSA is apparently a property of 6kbit
> >keys and higher, barring further highly-unexpected discoveries.
>
> Highly-unexpected? All of public key cryptography is build on
> unproven mathematical assumptions. Why should this be the last
> breakthrough? If you plot the curve of what key length was considered
> long enough as a function of time, it doesn't look very good.
Indeed, the only PK primitive I *really* trust is secure hash based
signatures -
http://bitconjurer.org/CheapSignaturesBeta.py
Going one step below that, most of the practical breaks we've had have
been from protocol screwups rather than key length problems, and I've
never seen a list purporting to be definitive of all the gotchas in RSA,
so the only fancy math primitive I feel confident to design a protocol
with is diffie-hellman.
So there you have it - the only really confidence-inspiring piece of
public key cryptography was the first one ever invented.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list